{"id":16566,"date":"2018-01-09T22:39:31","date_gmt":"2018-01-10T06:39:31","guid":{"rendered":"https:\/\/blogs.msdn.microsoft.com\/dotnet\/?p=16566"},"modified":"2021-09-29T16:36:04","modified_gmt":"2021-09-29T23:36:04","slug":"net-framework-january-2018-security-and-quality-rollup","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/dotnet\/net-framework-january-2018-security-and-quality-rollup\/","title":{"rendered":".NET Framework January 2018 Security and Quality Rollup"},"content":{"rendered":"<p>Updated: January 25, 2018<\/p>\n<p>Today, we are releasing the January 2018 Security and Quality Rollup.<\/p>\n<p><span>An issue with the January 2018 Monthly Rollup was found on Windows 7 and Windows Server 2008 R2 if .NET Framework 4.7.1 was already installed. It has been resolved. The download links for these Windows versions have been updated in the table below. A fixit tool has also be released to fix affected machines. See\u00a0<a href=\"https:\/\/github.com\/dotnet\/announcements\/issues\/53\">.NET Framework January 2018 Rollup Known Issue KB4074906 &#8211; &#8220;TypeInitializationException&#8221; or &#8220;FileFormatException&#8221; error in WPF applications<\/a> for more information.<\/span><\/p>\n<p>See\u00a0<a href=\"https:\/\/blogs.msdn.microsoft.com\/dotnet\/2018\/01\/09\/net-framework-4-7-1-is-available-on-windows-update-wsus-and-mu-catalog\/\">.NET Framework 4.7.1 is available on Windows Update, WSUS and MU Catalog!<\/a> for separately available reliability updates for the .NET Framework 4.7.1.<\/p>\n<h2><a href=\"#security\" id=\"user-content-security\" class=\"anchor\"><\/a>Security<\/h2>\n<h3><a href=\"#cve-2018-0786--security-feature-bypass-in-x509-certificate-validation\" id=\"user-content-cve-2018-0786--security-feature-bypass-in-x509-certificate-validation\" class=\"anchor\"><\/a>CVE-2018-0786 \u2013 Security Feature Bypass in X509 Certificate Validation<\/h3>\n<p><a href=\"https:\/\/portal.msrc.microsoft.com\/en-US\/security-guidance\/advisory\/CVE-2018-0786\">CVE-2018-0786<\/a> &#8211; A security feature bypass vulnerability exists when Microsoft .NET Framework (and .NET Core) components do not completely validate certificates.<\/p>\n<p>An attacker could present a certificate that is marked invalid for a specific use, but the component uses it for that purpose. This action disregards the Enhanced Key Usage taggings.<\/p>\n<p>The security update addresses the vulnerability by helping to ensure that .NET Framework (and .NET Core) components completely validate certificates.<\/p>\n<h3><a href=\"#cve-2018-0764--denial-of-service-when-parsing-xml-documents\" id=\"user-content-cve-2018-0764--denial-of-service-when-parsing-xml-documents\" class=\"anchor\"><\/a>CVE-2018-0764 \u2013 Denial of Service when parsing XML documents<\/h3>\n<p><a href=\"https:\/\/portal.msrc.microsoft.com\/en-US\/security-guidance\/advisory\/CVE-2018-0764\">CVE-2018-0764<\/a> &#8211; A Denial of Service vulnerability exists when .NET Framework, and .NET core, improperly process XML documents. An attacker who successfully exploited this vulnerability could cause a denial of service against a .NET application. A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to a .NET(or .NET core) application.<\/p>\n<p>The update addresses the vulnerability by correcting how a .NET, and .NET core, applications handles XML document processing.<\/p>\n<h2><a href=\"#quality-and-reliability\" id=\"user-content-quality-and-reliability\" class=\"anchor\"><\/a>Quality and Reliability<\/h2>\n<p>This release contains no new quality and reliability improvements.<\/p>\n<h2><a href=\"#getting-the-update\" id=\"user-content-getting-the-update\" class=\"anchor\"><\/a>Getting the Update<\/h2>\n<p>The Security and Quality Rollup is available via Windows Update, Windows Server Update Services, Microsoft Update Catalog, and Docker.<\/p>\n<h3><a href=\"#microsoft-update-catalog\" id=\"user-content-microsoft-update-catalog\" class=\"anchor\"><\/a>Microsoft Update Catalog<\/h3>\n<p>You can get the update via the Microsoft Update Catalog. For Windows 10, .NET Framework updates are part of the Windows 10 Monthly Rollup.<\/p>\n<table>\n<thead>\n<tr>\n<th>Product Version<\/th>\n<th>Security and Quality Rollup KB<\/th>\n<th>Security-only Update KB<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td><strong>Windows 10 1709 (Fall Creators Update)<\/strong><\/td>\n<td><strong><a href=\"http:\/\/www.catalog.update.microsoft.com\/Search.aspx?q=4056892\">Catalog<\/a>\n<a href=\"https:\/\/support.microsoft.com\/kb\/4056892\">4056892<\/a><\/strong><\/td>\n<td>N\/A<\/td>\n<\/tr>\n<tr>\n<td style=\"padding-left: .5cm\">.NET Framework 3.5<\/td>\n<td><a href=\"https:\/\/support.microsoft.com\/kb\/4056892\">4056892<\/a><\/td>\n<td>N\/A<\/td>\n<\/tr>\n<tr>\n<td style=\"padding-left: .5cm\">.NET Framework 4.7.1<\/td>\n<td><a href=\"https:\/\/support.microsoft.com\/kb\/4056892\">4056892<\/a><\/td>\n<td>N\/A<\/td>\n<\/tr>\n<tr>\n<td><strong>Windows 10 1703 (Creators Update)<\/strong><\/td>\n<td><strong><a href=\"http:\/\/www.catalog.update.microsoft.com\/Search.aspx?q=4056891\">Catalog<\/a>\n<a href=\"https:\/\/support.microsoft.com\/kb\/4056891\">4056891<\/a><\/strong><\/td>\n<td>N\/A<\/td>\n<\/tr>\n<tr>\n<td style=\"padding-left: .5cm\">.NET Framework 3.5<\/td>\n<td><a href=\"https:\/\/support.microsoft.com\/kb\/4056891\">4056891<\/a><\/td>\n<td>N\/A<\/td>\n<\/tr>\n<tr>\n<td style=\"padding-left: .5cm\">.NET Framework 4.7, 4.7.1<\/td>\n<td><a href=\"https:\/\/support.microsoft.com\/kb\/4056891\">4056891<\/a><\/td>\n<td>N\/A<\/td>\n<\/tr>\n<tr>\n<td><strong>Windows 10 1607 (Anniversary Update)<\/strong><\/td>\n<td><strong><a href=\"http:\/\/www.catalog.update.microsoft.com\/Search.aspx?q=4056890\">Catalog<\/a>\n<a href=\"https:\/\/support.microsoft.com\/kb\/4056890\">4056890<\/a><\/strong><\/td>\n<td>N\/A<\/td>\n<\/tr>\n<tr>\n<td style=\"padding-left: .5cm\">.NET Framework 3.5<\/td>\n<td><a href=\"https:\/\/support.microsoft.com\/kb\/4056890\">4056890<\/a><\/td>\n<td>N\/A<\/td>\n<\/tr>\n<tr>\n<td style=\"padding-left: .5cm\">.NET Framework 4.6.2, 4.7<\/td>\n<td><a href=\"https:\/\/support.microsoft.com\/kb\/4056890\">4056890<\/a><\/td>\n<td>N\/A<\/td>\n<\/tr>\n<tr>\n<td><strong>Windows 10 1511<\/strong><\/td>\n<td><strong><a href=\"http:\/\/www.catalog.update.microsoft.com\/Search.aspx?q=4056888\">Catalog<\/a>\n<a href=\"https:\/\/support.microsoft.com\/kb\/4056888\">4056888<\/a><\/strong><\/td>\n<td>N\/A<\/td>\n<\/tr>\n<tr>\n<td style=\"padding-left: .5cm\">.NET Framework 3.5<\/td>\n<td><a href=\"https:\/\/support.microsoft.com\/kb\/4056888\">4056888<\/a><\/td>\n<td>N\/A<\/td>\n<\/tr>\n<tr>\n<td style=\"padding-left: .5cm\">.NET Framework 4.6.1, 4.6.2<\/td>\n<td><a href=\"https:\/\/support.microsoft.com\/kb\/4056888\">4056888<\/a><\/td>\n<td>N\/A<\/td>\n<\/tr>\n<tr>\n<td><strong>Windows 10 1507<\/strong><\/td>\n<td><strong><a href=\"http:\/\/www.catalog.update.microsoft.com\/Search.aspx?q=4056893\">Catalog<\/a>\n<a href=\"https:\/\/support.microsoft.com\/kb\/4056893\">4056893<\/a><\/strong><\/td>\n<td>N\/A<\/td>\n<\/tr>\n<tr>\n<td style=\"padding-left: .5cm\">.NET Framework 3.5<\/td>\n<td><a href=\"https:\/\/support.microsoft.com\/kb\/4056893\">4056893<\/a><\/td>\n<td>N\/A<\/td>\n<\/tr>\n<tr>\n<td style=\"padding-left: .5cm\">.NET Framework 4.6, 4.6.1, 4.6.2<\/td>\n<td><a href=\"https:\/\/support.microsoft.com\/kb\/4056893\">4056893<\/a><\/td>\n<td>N\/A<\/td>\n<\/tr>\n<tr>\n<td><strong>Windows 8.1\nWindows RT 8.1\nWindows Server 2012 R2<\/strong><\/td>\n<td><strong><a href=\"http:\/\/www.catalog.update.microsoft.com\/Search.aspx?q=4055266\">Catalog<\/a>\n<a href=\"https:\/\/support.microsoft.com\/kb\/4055266\">4055266<\/a><\/strong><\/td>\n<td><strong><a href=\"http:\/\/www.catalog.update.microsoft.com\/Search.aspx?q=4055271\">Catalog<\/a>\n<a href=\"https:\/\/support.microsoft.com\/kb\/4055271\">4055271<\/a><\/strong><\/td>\n<\/tr>\n<tr>\n<td style=\"padding-left: .5cm\">.NET Framework 3.5<\/td>\n<td><a href=\"https:\/\/support.microsoft.com\/kb\/4054999\">4054999<\/a><\/td>\n<td><a href=\"https:\/\/support.microsoft.com\/kb\/4054177\">4054177<\/a><\/td>\n<\/tr>\n<tr>\n<td style=\"padding-left: .5cm\">.NET Framework 4.5.2<\/td>\n<td><a href=\"https:\/\/support.microsoft.com\/kb\/4054993\">4054993<\/a><\/td>\n<td><a href=\"https:\/\/support.microsoft.com\/kb\/4054170\">4054170<\/a><\/td>\n<\/tr>\n<tr>\n<td style=\"padding-left: .5cm\">.NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1<\/td>\n<td><a href=\"https:\/\/support.microsoft.com\/kb\/4055001\">4055001<\/a><\/td>\n<td><a href=\"https:\/\/support.microsoft.com\/kb\/4054182\">4054182<\/a><\/td>\n<\/tr>\n<tr>\n<td><strong>Windows Server 2012<\/strong><\/td>\n<td><strong><a href=\"http:\/\/www.catalog.update.microsoft.com\/Search.aspx?q=4055265\">Catalog<\/a>\n<a href=\"https:\/\/support.microsoft.com\/kb\/4055265\">4055265<\/a><\/strong><\/td>\n<td><strong><a href=\"http:\/\/www.catalog.update.microsoft.com\/Search.aspx?q=4055270\">Catalog<\/a>\n<a href=\"https:\/\/support.microsoft.com\/kb\/4055270\">4055270<\/a><\/strong><\/td>\n<\/tr>\n<tr>\n<td style=\"padding-left: .5cm\">.NET Framework 3.5<\/td>\n<td><a href=\"https:\/\/support.microsoft.com\/kb\/4054997\">4054997<\/a><\/td>\n<td><a href=\"https:\/\/support.microsoft.com\/kb\/4054175\">4054175<\/a><\/td>\n<\/tr>\n<tr>\n<td style=\"padding-left: .5cm\">.NET Framework 4.5.2<\/td>\n<td><a href=\"https:\/\/support.microsoft.com\/kb\/4054994\">4054994<\/a><\/td>\n<td><a href=\"https:\/\/support.microsoft.com\/kb\/4054171\">4054171<\/a><\/td>\n<\/tr>\n<tr>\n<td style=\"padding-left: .5cm\">.NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1<\/td>\n<td><a href=\"https:\/\/support.microsoft.com\/kb\/4055000\">4055000<\/a><\/td>\n<td><a href=\"https:\/\/support.microsoft.com\/kb\/4054181\">4054181<\/a><\/td>\n<\/tr>\n<tr>\n<td><strong>Windows 7\nWindows Server 2008 R2<\/strong><\/td>\n<td><strong><a href=\"http:\/\/www.catalog.update.microsoft.com\/Search.aspx?q=4055532\">Catalog<\/a>\n<a href=\"https:\/\/support.microsoft.com\/kb\/4055532\">4055532<\/a><\/strong><\/td>\n<td><strong><a href=\"http:\/\/www.catalog.update.microsoft.com\/Search.aspx?q=4055269\">Catalog<\/a>\n<a href=\"https:\/\/support.microsoft.com\/kb\/4055269\">4055269<\/a><\/strong><\/td>\n<\/tr>\n<tr>\n<td style=\"padding-left: .5cm\">.NET Framework 3.5.1<\/td>\n<td><a href=\"https:\/\/support.microsoft.com\/kb\/4054998\">4054998<\/a><\/td>\n<td><a href=\"https:\/\/support.microsoft.com\/kb\/4054176\">4054176<\/a><\/td>\n<\/tr>\n<tr>\n<td style=\"padding-left: .5cm\">.NET Framework 4.5.2<\/td>\n<td><a href=\"https:\/\/support.microsoft.com\/kb\/4054995\">4054995<\/a><\/td>\n<td><a href=\"https:\/\/support.microsoft.com\/kb\/4054172\">4054172<\/a><\/td>\n<\/tr>\n<tr>\n<td style=\"padding-left: .5cm\">.NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1<\/td>\n<td><a href=\"https:\/\/support.microsoft.com\/kb\/4074880\">4074880<\/a><\/td>\n<td><a href=\"https:\/\/support.microsoft.com\/kb\/4054183\">4054183<\/a><\/td>\n<\/tr>\n<tr>\n<td><strong>Windows Server 2008<\/strong><\/td>\n<td><strong><a href=\"http:\/\/www.catalog.update.microsoft.com\/Search.aspx?q=4055267\">Catalog<\/a>\n<a href=\"https:\/\/support.microsoft.com\/kb\/4055267\">4055267<\/a><\/strong><\/td>\n<td><strong><a href=\"http:\/\/www.catalog.update.microsoft.com\/Search.aspx?q=4055272\">Catalog<\/a>\n<a href=\"https:\/\/support.microsoft.com\/kb\/4055272\">4055272<\/a><\/strong><\/td>\n<\/tr>\n<tr>\n<td style=\"padding-left: .5cm\">.NET Framework 2.0, 3.0<\/td>\n<td><a href=\"https:\/\/support.microsoft.com\/kb\/4054996\">4054996<\/a><\/td>\n<td><a href=\"https:\/\/support.microsoft.com\/kb\/4054174\">4054174<\/a><\/td>\n<\/tr>\n<tr>\n<td style=\"padding-left: .5cm\">.NET Framework 4.5.2<\/td>\n<td><a href=\"https:\/\/support.microsoft.com\/kb\/4054995\">4054995<\/a><\/td>\n<td><a href=\"https:\/\/support.microsoft.com\/kb\/4054172\">4054172<\/a><\/td>\n<\/tr>\n<tr>\n<td style=\"padding-left: .5cm\">.NET Framework 4.6<\/td>\n<td><a href=\"https:\/\/support.microsoft.com\/kb\/4055002\">4055002<\/a><\/td>\n<td><a href=\"https:\/\/support.microsoft.com\/kb\/4054183\">4054183<\/a><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h3>Known Issue<\/h3>\n<p><span>An issue has been found in the\u00a0<\/span><a href=\"https:\/\/support.microsoft.com\/help\/4055002\" rel=\"nofollow\">.NET Framework January 2018 Security and Quality Rollup (KB 4055002)<\/a><span>, applicable to .NET Framework 4.7.1 installed on either Windows 7 and Windows Server 2008 R2. The .NET team has fixed the issue and re-released the January 2018 Monthly Rollup as\u00a0<\/span><a href=\"https:\/\/support.microsoft.com\/help\/4074880\" rel=\"nofollow\">KB 4074880<\/a><span>.<\/span><\/p>\n<p>See\u00a0<a href=\"https:\/\/github.com\/dotnet\/announcements\/issues\/53\">.NET Framework January 2018 Rollup Known Issue KB4074906 &#8211; &#8220;TypeInitializationException&#8221; or &#8220;FileFormatException&#8221; error in WPF applications<\/a> for more information.<\/p>\n<h3><a href=\"#docker-images\" id=\"user-content-docker-images\" class=\"anchor\"><\/a>Docker Images<\/h3>\n<p>Docker images have been updated as part of today&#8217;s release (actually, a few days ago).<\/p>\n<ul>\n<li><a href=\"https:\/\/hub.docker.com\/r\/microsoft\/aspnet\/\" rel=\"nofollow\">microsoft\/aspnet<\/a><\/li>\n<li><a href=\"https:\/\/hub.docker.com\/r\/microsoft\/dotnet-framework\/\" rel=\"nofollow\">microsoft\/dotnet-framework<\/a><\/li>\n<li><a href=\"https:\/\/hub.docker.com\/r\/microsoft\/dotnet-framework-samples\/\" rel=\"nofollow\">microsoft\/dotnet-framework-samples<\/a><\/li>\n<li><a href=\"https:\/\/hub.docker.com\/r\/microsoft\/wcf\/\" rel=\"nofollow\">microsoft\/wcf<\/a><\/li>\n<\/ul>\n<p>Note: Look at the &#8220;Tags&#8221; view in each repository to see the updated Docker image tags.<\/p>\n<p>Note: Significant changes have been made with Docker images recently. Please look at <a href=\"https:\/\/github.com\/dotnet\/announcements\/labels\/Docker\">.NET Docker Announcements<\/a> for more information.<\/p>\n<h3><a href=\"#previous-monthly-rollups\" id=\"user-content-previous-monthly-rollups\" class=\"anchor\"><\/a>Previous Monthly Rollups<\/h3>\n<p>The last few .NET Framework Monthly updates are listed below for your convenience:<\/p>\n<ul>\n<li><a href=\"https:\/\/blogs.msdn.microsoft.com\/dotnet\/2017\/11\/14\/net-framework-november-2017-security-and-quality-rollup\/\" rel=\"nofollow\">November 2017 Security and Quality Rollup<\/a><\/li>\n<li><a href=\"https:\/\/devblogs.microsoft.com\/dotnet\/net-framework-october-2017-preview-of-quality-rollup\/\" rel=\"nofollow\">October 2017 Preview of Quality Rollup<\/a><\/li>\n<li><a href=\"https:\/\/blogs.msdn.microsoft.com\/dotnet\/2017\/10\/10\/net-framework-october-2017-security-and-quality-rollup\/\" rel=\"nofollow\">October 2017 Security and Quality Rollup<\/a><\/li>\n<li><a href=\"https:\/\/blogs.msdn.microsoft.com\/dotnet\/2017\/09\/25\/net-framework-september-2017-preview-of-quality-rollup\/\" rel=\"nofollow\">September 2017 Preview of Quality Rollup<\/a><\/li>\n<li><a href=\"https:\/\/blogs.msdn.microsoft.com\/dotnet\/2017\/09\/12\/net-framework-september-2017-security-and-quality-rollup\/\" rel=\"nofollow\">September 2017 Security and Quality Rollup<\/a><\/li>\n<\/ul>\n<p>Other Updates:<\/p>\n<ul>\n<li><a href=\"https:\/\/blogs.msdn.microsoft.com\/dotnet\/2018\/01\/09\/net-core-january-2018-update\/\">.NET Core January 2018 Update<\/a><\/li>\n<li><a href=\"https:\/\/blogs.msdn.microsoft.com\/dotnet\/2018\/01\/09\/net-for-uwp-january-2018-update\/\">.NET for UWP January 2018 Update <\/a><\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Updated: January 25, 2018 Today, we are releasing the January 2018 Security and Quality Rollup. An issue with the January 2018 Monthly Rollup was found on Windows 7 and Windows Server 2008 R2 if .NET Framework 4.7.1 was already installed. It has been resolved. The download links for these Windows versions have been updated in [&hellip;]<\/p>\n","protected":false},"author":336,"featured_media":58792,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[685],"tags":[],"class_list":["post-16566","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-dotnet"],"acf":[],"blog_post_summary":"<p>Updated: January 25, 2018 Today, we are releasing the January 2018 Security and Quality Rollup. An issue with the January 2018 Monthly Rollup was found on Windows 7 and Windows Server 2008 R2 if .NET Framework 4.7.1 was already installed. It has been resolved. The download links for these Windows versions have been updated in [&hellip;]<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/posts\/16566","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/users\/336"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/comments?post=16566"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/posts\/16566\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/media\/58792"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/media?parent=16566"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/categories?post=16566"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/tags?post=16566"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}