We’re excited to announce that starting April 2022, we will be making monthly updates for modern .NET (.NET Core) available for server operating systems via Microsoft Update (MU) on an opt-in basis.
If you do not want to have your servers updated automatically for you no action is required. If on the other hand you do want to leverage this for your servers review continue reading below.
There is no change for client operating systems which will continue to receive updates via Automatic Updates, WSUS, and MU Catalog as earlier.
More Information
Updates for supported versions of .NET Core 3.1, .NET 5.0 and .NET 6.0 are currently offered to server operating systems via Windows Server Update Services (WSUS) and Microsoft Update Catalog but not the Automatic Updates (AU) channel. You can now get your server operating system automatically updated by opting in for this behavior.
Opting in
You can opt in for automatic updates by setting one or more of these registry keys on your server.
.NET Version | Registry Key | Name | Value |
---|---|---|---|
Allow All .NET Updates | [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NET] | “AllowAUOnServerOS” | dword:00000001 |
Allow .NET 6.0 Updates | [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NET\6.0] | “AllowAUOnServerOS” | dword:00000001 |
Allow .NET 5.0 Updates | [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NET\5.0] | “AllowAUOnServerOS” | dword:00000001 |
Allow .NET 3.1 Updates | [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NET\3.1] | “AllowAUOnServerOS” | dword:00000001 |
Setting the registry key can be achieved by adding the entry (this is an example for enabling 6.0 updates) in a “.reg” file and running this.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NET\6.0] "AllowAUOnServerOS"=dword:00000001
Alternatively, you can use Group Policy to deploy the registry key to many computers at once.
Why are we making this change?
From the first time we started shipping updates for modern .NET via Microsoft Update we have continued to refine this delivery channel including the recent addition of updates for the Hosting Bundle. The vast majority of customers use servers in a managed environment and deployments are handled using a management tool such as Microsoft Intune, Microsoft Endpoint Manager (MEP), System Center Config Manager (SCCM) or Windows Server Update Services (WSUS) and these customers prefer their servers are not directly patched outside of this management environment so they can exercise control over scheduling potential service downtime, reboots, etc. So when we started offering updates via MU we excluded Automatic Updates (AU).
A small number of customers have told us they don’t use a deployment management tool and would like to leverage AU to update their servers similar to clients. We believe the opt in approach we’re rolling out today will allow these customers to get the benefit of AU for their server operating systems without impacting the larger set of customers that do not want this.
In Closing
We’re excited to start delivering updates for modern .NET to server operating systems via Microsoft Update on an opt-in basis and look forward to your feedback on this experience. If you do not want to have your server operating systems updated automatically for you no action is required. If on the other hand you do want to leverage this for your servers review the guidance above.
What is the proposed automatic-update way in Ubuntu-linux?
Is there a similar article?
Thank you
Hi Team,
I set this up on Windows Server 2016.
Set the registry key for .NET 6. Restarted. Refreshed Windows Update.
Still would not update .NET 6.
In Windows Update --> Advanced Options
I had to tick "Give me updates for other Microsoft products when I update Windows."
Then I started to receive .NET 6 updates via Windows Updates.
I have tried to set "Give me updates for other Microsoft products when I update Windows." via reg...
On Febrary 2022, I updated a cumulative update for .net framework for windows 10,
then restart the windows, it stops at the Lenovo logo page. Very helpless.
And luckily, I can perform a restore. Thanks for Microsoft update provide a restore point by its ownself
automatically.
From then on, every month, when the cumulative update for .net framework for windows 10 is available and
pending to install, I am very afraid that my...
Thank you for this feature, I deliver .NET apps to small companies who have in-house Windows Server without anything like WSUS, and this will help.
Not directly related, but a question on something similar:
for the .Net framework cumulative updates, they frequently get released as “Preview” (and they’re listed as Preview in Windows updates for Windows 10/11), and yet Windows Update auto-installs them. If it’s truly a preview and a there will be a later...
At the time of this post, there is still a discrepancy between the table and the registry file. To clarify for everyone, there is a separate sub key under Microsoft called “.NET”. The sub key Microsoft.NET is incorrect.
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft.NET]
“AllowAUOnServerOS”=dword:00000001
This is fixed now.
Thanks for the article. I’m left with a doubt. Are these security updates or are they functional improvements to the frameworks or both? I would auto approve security updates but would require a controlled rollout of any functional changes.
Thanks
Colin
Hang on, hang on.
BEFORE posting anything, can you at least check your facts????
Firstly, WHICH registry path is it?
Are you saying that you didn't even REVIEW your post before posting to even notice that the \ were missing???
Have you SEEN how many idiots on IT forums have directly pasted your initial post to their forums without the \ and not even noticing? They obviously don't know ANYTHING about registry hives to not...
Like I said in the post if you do not want your servers updated automatically no action needs to be taken, that is the default state. You can set the reg keys only if you want to opt-in to this new behavior.
Please read again, this post is about an opt-in feature, through Window Registry keys, to enable automatic updates for .NET Core 3.1, .NET 5 and .NET 6. It is not turned on by default because, as the section "Why are we making this change?" says, most business users don't use Automatic Updates (AU), as they rely on other means to deliver updates to their servers. If you don't do anything, the updates in your servers...
Correct.
I’m not sure how you read this post, but I read it as “if you wanted to receive .NET automatic updates, set or create these registry entries”. The default is to not serve using AU, so no change necessary if you want things to operate as they have(“opt-in”).
Correct. If you want everything to remain as-is (like it was before April 2022), no further action is required.
Why aren’t .NET and .NET Core updates available in MSRC when they are classified as security updates?
Not sure what you mean by available in MSRC, can you elaborate?
MSRC (Microsoft Security Response Center)
https://msrc.microsoft.com/update-guide
It's where all Microsoft products lists their security related updates including CVE details.
All except for .NET Core 3/5/6.
Their API is also very much used to collect information used for example patch Tuesday.
As an enterprise software provider with many large customers, it's very cumbersome to handle .NET updates in "quirky special ways".
Please handle all the patching logic including how you publish information, in a standardized way, like the...
Updates for .NET are listed on the MSRC site. Set the Product Family filter to Developer Tools, scroll to the bottom. In a pinch look for the CVE-2022-23267. You will see line items for .NET Core 3.1, .NET 5.0 and .NET 6.0.
Glad it's opt-in. Until .NET updates are seemless like .NET Framework updates were, there's no way our servers could be automatically updated.
Here's what happened yesterday on three different Server 2016 systems:Read more
Ran windowsdesktop-runtime-6.0.4-win-x64.exe, checked task manager, see the 5 winform apps that were running prior(but of course, they don't show up on the task bar or system tray). End task on each one of them and started them back up. GitHub #23857
Thank you for this! I manage a small number of servers and WSUS is an overkill. I would have preferred AU to be turned on by default though because as you said, the bigger customers manage them using WSUS or SCCM anyway. But this would be a huge time saver for me.
Thanks again.