{"id":18735,"date":"2018-08-14T10:05:48","date_gmt":"2018-08-14T17:05:48","guid":{"rendered":"https:\/\/blogs.msdn.microsoft.com\/dotnet\/?p=18735"},"modified":"2019-02-20T11:19:28","modified_gmt":"2019-02-20T18:19:28","slug":"august-2018-security-and-quality-rollup","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/dotnet\/august-2018-security-and-quality-rollup\/","title":{"rendered":".NET Framework August 2018 Security and Quality Rollup"},"content":{"rendered":"<p>Today, we are releasing the August 2018 Security and Quality Rollup.\u00a0\u00a0This release also addressed the July issues explained in\u00a0<a href=\"https:\/\/support.microsoft.com\/en-us\/help\/4345913\/access-denied-errors-after-installing-july-2018-security-rollup-update\">KB 4345913<\/a> and <a href=\"https:\/\/blogs.msdn.microsoft.com\/dotnet\/2018\/07\/20\/advisory-on-july-2018-net-framework-updates\/\">Advisory on July 2018 .NET Framework Updates<\/a>.<\/p>\n<h2><a href=\"#security\" id=\"user-content-security\" class=\"anchor\"><\/a>Security<\/h2>\n<h3><a href=\"#cve-2018-1039--windows-security-feature-bypass-vulnerability\" id=\"user-content-cve-2018-1039--windows-security-feature-bypass-vulnerability\" class=\"anchor\"><\/a>CVE-2018-8360 \u2013 Windows Information Disclosure Vulnerability<\/h3>\n<p>This update resolves an information disclosure vulnerability in Microsoft .NET Framework that could allow an attacker to access information in multi-tenant environments. The vulnerability is caused when .NET Framework is used in high-load\/high-density network connections in which content from one stream can blend into another stream.<\/p>\n<p>To exploit the vulnerability, an attacker who can access one tenant in a high-load\/high-density environment could potentially trigger multi-tenanted data exposure from one customer to another.<\/p>\n<p>This security update addresses the vulnerability by correcting the way that .NET Framework handles high-load\/high-density network connections.<\/p>\n<p><a href=\"https:\/\/portal.msrc.microsoft.com\/security-guidance\/advisory\/CVE-2018-8360\">CVE-2018-8360<\/a><\/p>\n<h2><a href=\"#quality-and-reliability\" id=\"user-content-quality-and-reliability\" class=\"anchor\"><\/a>Quality and Reliability<\/h2>\n<p>This release contains the following quality and reliability improvements.<\/p>\n<h4><a href=\"#clr\" id=\"user-content-clr\" class=\"anchor\"><\/a>CLR<\/h4>\n<ul>\n<li>Applications that rely on COM components were failing to load or run correctly because of &#8220;access denied&#8221;, &#8220;class not registered&#8221;, or &#8220;internal failure occurred for unknown reasons&#8221; errors described in\u00a0<a href=\"https:\/\/support.microsoft.com\/en-us\/help\/4345913\/access-denied-errors-after-installing-july-2018-security-rollup-update\">KB 4345913<\/a> and <a href=\"https:\/\/blogs.msdn.microsoft.com\/dotnet\/2018\/07\/20\/advisory-on-july-2018-net-framework-updates\/\">Advisory on July 2018 .NET Framework Updates<\/a>.\u00a0 [651528]<\/li>\n<\/ul>\n<p>Note: Additional information on these improvements is not available. The VSTS bug number provided with each improvement is a unique ID that you can give Microsoft Customer Support, include in StackOverflow comments or use in web searches.<\/p>\n<h2><a href=\"#getting-the-update\" id=\"user-content-getting-the-update\" class=\"anchor\"><\/a>Getting the Update<\/h2>\n<p>The Security and Quality Rollup is available via Windows Update, Windows Server Update Services, Microsoft Update Catalog, and Docker.<\/p>\n<h3><a href=\"#microsoft-update-catalog\" id=\"user-content-microsoft-update-catalog\" class=\"anchor\"><\/a>Microsoft Update Catalog<\/h3>\n<p>You can get the update via the Microsoft Update Catalog. For Windows 10, .NET Framework updates are part of the Windows 10 Monthly Rollup.<\/p>\n<p>The following table is for Windows 10 and Windows Server 2016+.<\/p>\n<table>\n<thead>\n<tr>\n<th>Product Version<\/th>\n<th>Security and Quality Rollup KB<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td><strong>Windows 10 1803 (April 2018 Update)<\/strong><\/td>\n<td><strong><a href=\"http:\/\/www.catalog.update.microsoft.com\/Search.aspx?q=4343909\" rel=\"nofollow\">Catalog<\/a>\n<a href=\"https:\/\/support.microsoft.com\/kb\/4343909\" rel=\"nofollow\">4343909<\/a><\/strong><\/td>\n<\/tr>\n<tr>\n<td>.NET Framework 3.5<\/td>\n<td><a href=\"https:\/\/support.microsoft.com\/kb\/4343909\" rel=\"nofollow\">4343909<\/a><\/td>\n<\/tr>\n<tr>\n<td>.NET Framework 4.7.2<\/td>\n<td><a href=\"https:\/\/support.microsoft.com\/kb\/4343909\" rel=\"nofollow\">4343909<\/a><\/td>\n<\/tr>\n<tr>\n<td><strong>Windows 10 1709 (Fall Creators Update)<\/strong><\/td>\n<td><strong><a href=\"http:\/\/www.catalog.update.microsoft.com\/Search.aspx?q=4343897\" rel=\"nofollow\">Catalog<\/a>\n<a href=\"https:\/\/support.microsoft.com\/kb\/4343897\" rel=\"nofollow\">4343897<\/a><\/strong><\/td>\n<\/tr>\n<tr>\n<td>.NET Framework 3.5<\/td>\n<td><a href=\"https:\/\/support.microsoft.com\/kb\/4343897\" rel=\"nofollow\">4343897<\/a><\/td>\n<\/tr>\n<tr>\n<td>.NET Framework 4.7.1, 4.7.2<\/td>\n<td><a href=\"https:\/\/support.microsoft.com\/kb\/4343897\" rel=\"nofollow\">4343897<\/a><\/td>\n<\/tr>\n<tr>\n<td><strong>Windows 10 1703 (Creators Update)<\/strong><\/td>\n<td><strong><a href=\"http:\/\/www.catalog.update.microsoft.com\/Search.aspx?q=4343885\" rel=\"nofollow\">Catalog<\/a>\n<a href=\"https:\/\/support.microsoft.com\/kb\/4343885\" rel=\"nofollow\">4343885<\/a><\/strong><\/td>\n<\/tr>\n<tr>\n<td>.NET Framework 3.5<\/td>\n<td><a href=\"https:\/\/support.microsoft.com\/kb\/4343885\" rel=\"nofollow\">4343885<\/a><\/td>\n<\/tr>\n<tr>\n<td>.NET Framework 4.7, 4.7.1, 4.7.2<\/td>\n<td><a href=\"https:\/\/support.microsoft.com\/kb\/4343885\" rel=\"nofollow\">4343885<\/a><\/td>\n<\/tr>\n<tr>\n<td><strong>Windows 10 1607 (Anniversary Update)\nWindows Server 2016<\/strong><\/td>\n<td><strong><a href=\"http:\/\/www.catalog.update.microsoft.com\/Search.aspx?q=4343887\" rel=\"nofollow\">Catalog<\/a>\n<a href=\"https:\/\/support.microsoft.com\/kb\/4343887\" rel=\"nofollow\">4343887<\/a><\/strong><\/td>\n<\/tr>\n<tr>\n<td>.NET Framework 3.5<\/td>\n<td><a href=\"https:\/\/support.microsoft.com\/kb\/4343887\" rel=\"nofollow\">4343887<\/a><\/td>\n<\/tr>\n<tr>\n<td>.NET Framework 4.6.2, 4.7, 4.7.1, 4.7.2<\/td>\n<td><a href=\"https:\/\/support.microsoft.com\/kb\/4343887\" rel=\"nofollow\">4343887<\/a><\/td>\n<\/tr>\n<tr>\n<td><strong>Windows 10 1507<\/strong><\/td>\n<td><strong><a href=\"http:\/\/www.catalog.update.microsoft.com\/Search.aspx?q=4343892\" rel=\"nofollow\">Catalog<\/a>\n<a href=\"https:\/\/support.microsoft.com\/kb\/4343892\" rel=\"nofollow\">4343892<\/a><\/strong><\/td>\n<\/tr>\n<tr>\n<td>.NET Framework 3.5<\/td>\n<td><a href=\"https:\/\/support.microsoft.com\/kb\/4343892\" rel=\"nofollow\">4343892<\/a><\/td>\n<\/tr>\n<tr>\n<td>.NET Framework 4.6, 4.6.1, 4.6.2<\/td>\n<td><a href=\"https:\/\/support.microsoft.com\/kb\/4343892\" rel=\"nofollow\">4343892<\/a><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>The following table is for earlier Windows and Windows Server versions.<\/p>\n<table>\n<thead>\n<tr>\n<th>Product Version<\/th>\n<th>Security and Quality Rollup KB<\/th>\n<th>Security Only Update KB<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td><strong>Windows 8.1\nWindows RT 8.1\nWindows Server 2012 R2<\/strong><\/td>\n<td><strong><a href=\"http:\/\/www.catalog.update.microsoft.com\/Search.aspx?q=4345592\" rel=\"nofollow\">Catalog<\/a>\n<a href=\"https:\/\/support.microsoft.com\/kb\/4345592\" rel=\"nofollow\">4345592<\/a><\/strong><\/td>\n<td><strong><a href=\"http:\/\/www.catalog.update.microsoft.com\/Search.aspx?q=4345681\" rel=\"nofollow\">Catalog<\/a>\n<a href=\"https:\/\/support.microsoft.com\/kb\/4345681\" rel=\"nofollow\">4345681<\/a><\/strong><\/td>\n<\/tr>\n<tr>\n<td>.NET Framework 3.5<\/td>\n<td><a href=\"https:\/\/support.microsoft.com\/kb\/4344153\" rel=\"nofollow\">4344153<\/a><\/td>\n<td><a href=\"https:\/\/support.microsoft.com\/kb\/4344178\" rel=\"nofollow\">4344178<\/a><\/td>\n<\/tr>\n<tr>\n<td>.NET Framework 4.5.2<\/td>\n<td><a href=\"https:\/\/support.microsoft.com\/kb\/4344147\" rel=\"nofollow\">4344147<\/a><\/td>\n<td><a href=\"https:\/\/support.microsoft.com\/kb\/4344171\" rel=\"nofollow\">4344171<\/a><\/td>\n<\/tr>\n<tr>\n<td>.NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2<\/td>\n<td><a href=\"https:\/\/support.microsoft.com\/kb\/4344145\" rel=\"nofollow\">4344145<\/a><\/td>\n<td><a href=\"https:\/\/support.microsoft.com\/kb\/4344166\" rel=\"nofollow\">4344166<\/a><\/td>\n<\/tr>\n<tr>\n<td><strong>Windows Server 2012<\/strong><\/td>\n<td><strong><a href=\"http:\/\/www.catalog.update.microsoft.com\/Search.aspx?q=4345591\" rel=\"nofollow\">Catalog<\/a>\n<a href=\"https:\/\/support.microsoft.com\/kb\/4345591\" rel=\"nofollow\">4345591<\/a><\/strong><\/td>\n<td><strong><a href=\"http:\/\/www.catalog.update.microsoft.com\/Search.aspx?q=4345680\" rel=\"nofollow\">Catalog<\/a>\n<a href=\"https:\/\/support.microsoft.com\/kb\/4345680\" rel=\"nofollow\">4345680<\/a><\/strong><\/td>\n<\/tr>\n<tr>\n<td>.NET Framework 3.5<\/td>\n<td><a href=\"https:\/\/support.microsoft.com\/kb\/4344150\" rel=\"nofollow\">4344150<\/a><\/td>\n<td><a href=\"https:\/\/support.microsoft.com\/kb\/4344175\" rel=\"nofollow\">4344175<\/a><\/td>\n<\/tr>\n<tr>\n<td>.NET Framework 4.5.2<\/td>\n<td><a href=\"https:\/\/support.microsoft.com\/kb\/4344148\" rel=\"nofollow\">4344148<\/a><\/td>\n<td><a href=\"https:\/\/support.microsoft.com\/kb\/4344172\" rel=\"nofollow\">4344172<\/a><\/td>\n<\/tr>\n<tr>\n<td>.NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2<\/td>\n<td><a href=\"https:\/\/support.microsoft.com\/kb\/4344144\" rel=\"nofollow\">4344144<\/a><\/td>\n<td><a href=\"https:\/\/support.microsoft.com\/kb\/4344165\" rel=\"nofollow\">4344165<\/a><\/td>\n<\/tr>\n<tr>\n<td><strong>Windows 7\nWindows Server 2008 R2<\/strong><\/td>\n<td><strong><a href=\"http:\/\/www.catalog.update.microsoft.com\/Search.aspx?q=4345590\" rel=\"nofollow\">Catalog<\/a>\n<a href=\"https:\/\/support.microsoft.com\/kb\/4345590\" rel=\"nofollow\">4345590<\/a><\/strong><\/td>\n<td><strong><a href=\"http:\/\/www.catalog.update.microsoft.com\/Search.aspx?q=4345679\" rel=\"nofollow\">Catalog<\/a>\n<a href=\"https:\/\/support.microsoft.com\/kb\/4345679\" rel=\"nofollow\">4345679<\/a><\/strong><\/td>\n<\/tr>\n<tr>\n<td>.NET Framework 3.5.1<\/td>\n<td><a href=\"https:\/\/support.microsoft.com\/kb\/4344152\" rel=\"nofollow\">4344152<\/a><\/td>\n<td><a href=\"https:\/\/support.microsoft.com\/kb\/4344177\" rel=\"nofollow\">4344177<\/a><\/td>\n<\/tr>\n<tr>\n<td>.NET Framework 4.5.2<\/td>\n<td><a href=\"https:\/\/support.microsoft.com\/kb\/4344149\" rel=\"nofollow\">4344149<\/a><\/td>\n<td><a href=\"https:\/\/support.microsoft.com\/kb\/4344173\" rel=\"nofollow\">4344173<\/a><\/td>\n<\/tr>\n<tr>\n<td>.NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2<\/td>\n<td><a href=\"https:\/\/support.microsoft.com\/kb\/4344146\" rel=\"nofollow\">4344146<\/a><\/td>\n<td><a href=\"https:\/\/support.microsoft.com\/kb\/4344167\" rel=\"nofollow\">4344167<\/a><\/td>\n<\/tr>\n<tr>\n<td><strong>Windows Server 2008<\/strong><\/td>\n<td><strong><a href=\"http:\/\/www.catalog.update.microsoft.com\/Search.aspx?q=4345593\" rel=\"nofollow\">Catalog<\/a>\n<a href=\"https:\/\/support.microsoft.com\/kb\/4345593\" rel=\"nofollow\">4345593<\/a><\/strong><\/td>\n<td><strong><a href=\"http:\/\/www.catalog.update.microsoft.com\/Search.aspx?q=4345682\" rel=\"nofollow\">Catalog<\/a>\n<a href=\"https:\/\/support.microsoft.com\/kb\/4345682\" rel=\"nofollow\">4345682<\/a><\/strong><\/td>\n<\/tr>\n<tr>\n<td>.NET Framework 2.0, 3.0<\/td>\n<td><a href=\"https:\/\/support.microsoft.com\/kb\/4344151\" rel=\"nofollow\">4344151<\/a><\/td>\n<td><a href=\"https:\/\/support.microsoft.com\/kb\/4344176\" rel=\"nofollow\">4344176<\/a><\/td>\n<\/tr>\n<tr>\n<td>.NET Framework 4.5.2<\/td>\n<td><a href=\"https:\/\/support.microsoft.com\/kb\/4344149\" rel=\"nofollow\">4344149<\/a><\/td>\n<td><a href=\"https:\/\/support.microsoft.com\/kb\/4344173\" rel=\"nofollow\">4344173<\/a><\/td>\n<\/tr>\n<tr>\n<td>.NET Framework 4.6<\/td>\n<td><a href=\"https:\/\/support.microsoft.com\/kb\/4344146\" rel=\"nofollow\">4344146<\/a><\/td>\n<td><a href=\"https:\/\/support.microsoft.com\/kb\/4344167\" rel=\"nofollow\">4344167<\/a><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h3><a href=\"#docker-images\" id=\"user-content-docker-images\" class=\"anchor\"><\/a>Docker Images<\/h3>\n<p>We are updating the following .NET Framework Docker images for today\u2019s release:<\/p>\n<ul>\n<li><a href=\"https:\/\/hub.docker.com\/r\/microsoft\/aspnet\/\" rel=\"nofollow\">microsoft\/aspnet<\/a><\/li>\n<li><a href=\"https:\/\/hub.docker.com\/r\/microsoft\/dotnet-framework\/\" rel=\"nofollow\">microsoft\/dotnet-framework<\/a><\/li>\n<li><a href=\"https:\/\/hub.docker.com\/r\/microsoft\/dotnet-framework-samples\/\" rel=\"nofollow\">microsoft\/dotnet-framework-samples<\/a><\/li>\n<\/ul>\n<p>Note: Look at the \u201cTags\u201d view in each repository to see the updated Docker image tags.<\/p>\n<h3><a href=\"#previous-monthly-rollups\" id=\"user-content-previous-monthly-rollups\" class=\"anchor\"><\/a>Previous Monthly Rollups<\/h3>\n<p>The last few .NET Framework Monthly updates are listed below for your convenience:<\/p>\n<ul>\n<li><a href=\"https:\/\/blogs.msdn.microsoft.com\/dotnet\/2018\/07\/30\/net-framework-july-2018-update\/\" rel=\"nofollow\">July 2018 Update<\/a><\/li>\n<li><a href=\"https:\/\/blogs.msdn.microsoft.com\/dotnet\/2018\/06\/13\/net-framework-june-2018-security-and-quality-rollup\/\" rel=\"nofollow\">June 2018 Security and Quality Rollup<\/a><\/li>\n<li><a href=\"https:\/\/blogs.msdn.microsoft.com\/dotnet\/2018\/05\/08\/net-framework-may-2018-security-and-quality-rollup\/\" rel=\"nofollow\">May 2018 Security and Quality Rollup<\/a><\/li>\n<li><a href=\"https:\/\/blogs.msdn.microsoft.com\/dotnet\/2018\/02\/13\/net-framework-february-2018-security-and-quality-rollup\/\" rel=\"nofollow\">February 2018 Security and Quality Rollup<\/a><\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Today, we are releasing the August 2018 Security and Quality Rollup.\u00a0\u00a0This release also addressed the July issues explained in\u00a0KB 4345913 and Advisory on July 2018 .NET Framework Updates. Security CVE-2018-8360 \u2013 Windows Information Disclosure Vulnerability This update resolves an information disclosure vulnerability in Microsoft .NET Framework that could allow an attacker to access information in [&hellip;]<\/p>\n","protected":false},"author":369,"featured_media":58792,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[685],"tags":[],"class_list":["post-18735","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-dotnet"],"acf":[],"blog_post_summary":"<p>Today, we are releasing the August 2018 Security and Quality Rollup.\u00a0\u00a0This release also addressed the July issues explained in\u00a0KB 4345913 and Advisory on July 2018 .NET Framework Updates. Security CVE-2018-8360 \u2013 Windows Information Disclosure Vulnerability This update resolves an information disclosure vulnerability in Microsoft .NET Framework that could allow an attacker to access information in [&hellip;]<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/posts\/18735","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/users\/369"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/comments?post=18735"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/posts\/18735\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/media\/58792"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/media?parent=18735"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/categories?post=18735"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/tags?post=18735"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}