{"id":19095,"date":"2018-09-11T11:36:50","date_gmt":"2018-09-11T18:36:50","guid":{"rendered":"https:\/\/blogs.msdn.microsoft.com\/dotnet\/?p=19095"},"modified":"2019-02-20T11:19:20","modified_gmt":"2019-02-20T18:19:20","slug":"net-framework-september-2018-security-and-quality-rollup","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/dotnet\/net-framework-september-2018-security-and-quality-rollup\/","title":{"rendered":".NET Framework September 2018 Security and Quality Rollup"},"content":{"rendered":"<p>Updated: September 21, 2018<\/p>\n<ul>\n<li>SharePoint workflows may stop working after installing this update.\u00a0 See\u00a0<a href=\"https:\/\/support.microsoft.com\/en-us\/help\/4465015\/sharepoint-workflows-stop-after-cve-2018-8421-security-update\">SharePoint workflows stop working after you install .NET security updates for CVE-2018-8421<\/a> for further guidance.<\/li>\n<\/ul>\n<p>Today, we are releasing the September 2018 Security and Quality Rollup.<\/p>\n<h2><a href=\"#security\" id=\"user-content-security\" class=\"anchor\"><\/a>Security<\/h2>\n<h3><a href=\"#cve-2018-1039--windows-security-feature-bypass-vulnerability\" id=\"user-content-cve-2018-1039--windows-security-feature-bypass-vulnerability\" class=\"anchor\"><\/a>CVE-2018-8421 \u2013 Windows Remote Code Execution Vulnerability<\/h3>\n<p>This security update resolves a vulnerability in Microsoft .NET Framework that could allow remote code execution when .NET Framework processes untrusted input. An attacker who successfully exploits this vulnerability in software by using .NET Framework could take control of an affected system. The\u00a0attacker could then install programs; view, change, or delete data; or create new accounts that have full user rights. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights.<\/p>\n<div class=\"ng-scope\" role=\"presentation\">\n<article class=\"ng-scope\" role=\"article\">\n<div class=\"ng-scope\">\n<div class=\"article-container\">\n<div class=\"ng-scope ng-isolate-scope\">\n<div class=\"main-content-container\">\n<div class=\"content-article\">\n<div class=\"ng-isolate-scope\">\n<div class=\"ng-scope\">\n<div class=\"ng-isolate-scope\">\n<section class=\"section ng-scope\">\n<div class=\"section-body ng-scope\">\n<div class=\"ng-scope\">\n<div class=\"ng-isolate-scope\">\n<div class=\"kb-summary-section section ng-scope\">\n<p><span>To exploit the vulnerability, an attacker would first have to convince the user to open a malicious document or application.<\/span><\/p>\n<p><span>This security update addresses the vulnerability by correcting how .NET Framework validates untrusted input.<\/span><\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/section>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/article>\n<\/div>\n<p><a href=\"https:\/\/portal.msrc.microsoft.com\/security-guidance\/advisory\/CVE-2018-8421\">CVE-2018-8421<\/a><\/p>\n<h2><a href=\"#getting-the-update\" id=\"user-content-getting-the-update\" class=\"anchor\"><\/a>Getting the Update<\/h2>\n<p>The Security and Quality Rollup is available via Windows Update, Windows Server Update Services, Microsoft Update Catalog, and Docker.<\/p>\n<h3><a href=\"#microsoft-update-catalog\" id=\"user-content-microsoft-update-catalog\" class=\"anchor\"><\/a>Microsoft Update Catalog<\/h3>\n<p>You can get the update via the Microsoft Update Catalog. For Windows 10, .NET Framework updates are part of the Windows 10 Monthly Rollup.<\/p>\n<p>The following table is for Windows 10 and Windows Server 2016+.<\/p>\n<table>\n<thead>\n<tr>\n<th>Product Version<\/th>\n<th>Security and Quality Rollup KB<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td><strong>Windows 10 1803 (April 2018 Update)<\/strong><\/td>\n<td><strong><a href=\"http:\/\/www.catalog.update.microsoft.com\/Search.aspx?q=4457128\" rel=\"nofollow\">Catalog<\/a>\n<a href=\"https:\/\/support.microsoft.com\/kb\/4457128\" rel=\"nofollow\">4457128<\/a><\/strong><\/td>\n<\/tr>\n<tr>\n<td>.NET Framework 3.5<\/td>\n<td><a href=\"https:\/\/support.microsoft.com\/kb\/4457128\" rel=\"nofollow\">4457128<\/a><\/td>\n<\/tr>\n<tr>\n<td>.NET Framework 4.7.2<\/td>\n<td><a href=\"https:\/\/support.microsoft.com\/kb\/4457128\" rel=\"nofollow\">4457128<\/a><\/td>\n<\/tr>\n<tr>\n<td><strong>Windows 10 1709 (Fall Creators Update)<\/strong><\/td>\n<td><strong><a href=\"http:\/\/www.catalog.update.microsoft.com\/Search.aspx?q=4457142\" rel=\"nofollow\">Catalog<\/a>\n<a href=\"https:\/\/support.microsoft.com\/kb\/4457142\" rel=\"nofollow\">4457142<\/a><\/strong><\/td>\n<\/tr>\n<tr>\n<td>.NET Framework 3.5<\/td>\n<td><a href=\"https:\/\/support.microsoft.com\/kb\/4457142\" rel=\"nofollow\">4457142<\/a><\/td>\n<\/tr>\n<tr>\n<td>.NET Framework 4.7.1, 4.7.2<\/td>\n<td><a href=\"https:\/\/support.microsoft.com\/kb\/4457142\" rel=\"nofollow\">4457142<\/a><\/td>\n<\/tr>\n<tr>\n<td><strong>Windows 10 1703 (Creators Update)<\/strong><\/td>\n<td><strong><a href=\"http:\/\/www.catalog.update.microsoft.com\/Search.aspx?q=4457138\" rel=\"nofollow\">Catalog<\/a>\n<a href=\"https:\/\/support.microsoft.com\/kb\/4457138\" rel=\"nofollow\">4457138<\/a><\/strong><\/td>\n<\/tr>\n<tr>\n<td>.NET Framework 3.5<\/td>\n<td><a href=\"https:\/\/support.microsoft.com\/kb\/4457138\" rel=\"nofollow\">4457138<\/a><\/td>\n<\/tr>\n<tr>\n<td>.NET Framework 4.7, 4.7.1, 4.7.2<\/td>\n<td><a href=\"https:\/\/support.microsoft.com\/kb\/4457138\" rel=\"nofollow\">4457138<\/a><\/td>\n<\/tr>\n<tr>\n<td><strong>Windows 10 1607 (Anniversary Update)\nWindows Server 2016<\/strong><\/td>\n<td><strong><a href=\"http:\/\/www.catalog.update.microsoft.com\/Search.aspx?q=4457131\" rel=\"nofollow\">Catalog<\/a>\n<a href=\"https:\/\/support.microsoft.com\/kb\/4457131\" rel=\"nofollow\">4457131<\/a><\/strong><\/td>\n<\/tr>\n<tr>\n<td>.NET Framework 3.5<\/td>\n<td><a href=\"https:\/\/support.microsoft.com\/kb\/4457131\" rel=\"nofollow\">4457131<\/a><\/td>\n<\/tr>\n<tr>\n<td>.NET Framework 4.6.2, 4.7, 4.7.1, 4.7.2<\/td>\n<td><a href=\"https:\/\/support.microsoft.com\/kb\/4457131\" rel=\"nofollow\">4457131<\/a><\/td>\n<\/tr>\n<tr>\n<td><strong>Windows 10 1507<\/strong><\/td>\n<td><strong><a href=\"http:\/\/www.catalog.update.microsoft.com\/Search.aspx?q=4457132\" rel=\"nofollow\">Catalog<\/a>\n<a href=\"https:\/\/support.microsoft.com\/kb\/4457132\" rel=\"nofollow\">4457132<\/a><\/strong><\/td>\n<\/tr>\n<tr>\n<td>.NET Framework 3.5<\/td>\n<td><a href=\"https:\/\/support.microsoft.com\/kb\/4457132\" rel=\"nofollow\">4457132<\/a><\/td>\n<\/tr>\n<tr>\n<td>.NET Framework 4.6, 4.6.1, 4.6.2<\/td>\n<td><a href=\"https:\/\/support.microsoft.com\/kb\/4457132\" rel=\"nofollow\">4457132<\/a><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>The following table is for earlier Windows and Windows Server versions.<\/p>\n<table>\n<thead>\n<tr>\n<th>Product Version<\/th>\n<th>Security and Quality Rollup KB<\/th>\n<th>Security Only Update KB<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td><strong>Windows 8.1\nWindows RT 8.1\nWindows Server 2012 R2<\/strong><\/td>\n<td><strong><a href=\"http:\/\/www.catalog.update.microsoft.com\/Search.aspx?q=4457920\" rel=\"nofollow\">Catalog<\/a>\n<a href=\"https:\/\/support.microsoft.com\/kb\/4457920\" rel=\"nofollow\">4457920<\/a><\/strong><\/td>\n<td><strong><a href=\"http:\/\/www.catalog.update.microsoft.com\/Search.aspx?q=4457916\" rel=\"nofollow\">Catalog<\/a>\n<a href=\"https:\/\/support.microsoft.com\/kb\/4457916\" rel=\"nofollow\">4457916<\/a><\/strong><\/td>\n<\/tr>\n<tr>\n<td>.NET Framework 3.5<\/td>\n<td><a href=\"https:\/\/support.microsoft.com\/kb\/4457045\" rel=\"nofollow\">4457045<\/a><\/td>\n<td><a href=\"https:\/\/support.microsoft.com\/kb\/4457056\" rel=\"nofollow\">4457056<\/a><\/td>\n<\/tr>\n<tr>\n<td>.NET Framework 4.5.2<\/td>\n<td><a href=\"https:\/\/support.microsoft.com\/kb\/4457036\" rel=\"nofollow\">4457036<\/a><\/td>\n<td><a href=\"https:\/\/support.microsoft.com\/kb\/4457028\" rel=\"nofollow\">4457028<\/a><\/td>\n<\/tr>\n<tr>\n<td>.NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2<\/td>\n<td><a href=\"https:\/\/support.microsoft.com\/kb\/4457034\" rel=\"nofollow\">4457034<\/a><\/td>\n<td><a href=\"https:\/\/support.microsoft.com\/kb\/4457026\" rel=\"nofollow\">4457026<\/a><\/td>\n<\/tr>\n<tr>\n<td><strong>Windows Server 2012<\/strong><\/td>\n<td><strong><a href=\"http:\/\/www.catalog.update.microsoft.com\/Search.aspx?q=4457919\" rel=\"nofollow\">Catalog<\/a>\n<a href=\"https:\/\/support.microsoft.com\/kb\/4457919\" rel=\"nofollow\">4457919<\/a><\/strong><\/td>\n<td><strong><a href=\"http:\/\/www.catalog.update.microsoft.com\/Search.aspx?q=4457915\" rel=\"nofollow\">Catalog<\/a>\n<a href=\"https:\/\/support.microsoft.com\/kb\/4457915\" rel=\"nofollow\">4457915<\/a><\/strong><\/td>\n<\/tr>\n<tr>\n<td>.NET Framework 3.5<\/td>\n<td><a href=\"https:\/\/support.microsoft.com\/kb\/4457042\" rel=\"nofollow\">4457042<\/a><\/td>\n<td><a href=\"https:\/\/support.microsoft.com\/kb\/4457053\" rel=\"nofollow\">4457053<\/a><\/td>\n<\/tr>\n<tr>\n<td>.NET Framework 4.5.2<\/td>\n<td><a href=\"https:\/\/support.microsoft.com\/kb\/4457037\" rel=\"nofollow\">4457037<\/a><\/td>\n<td><a href=\"https:\/\/support.microsoft.com\/kb\/4457029\" rel=\"nofollow\">4457029<\/a><\/td>\n<\/tr>\n<tr>\n<td>.NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2<\/td>\n<td><a href=\"https:\/\/support.microsoft.com\/kb\/4457033\" rel=\"nofollow\">4457033<\/a><\/td>\n<td><a href=\"https:\/\/support.microsoft.com\/kb\/4457025\" rel=\"nofollow\">4457025<\/a><\/td>\n<\/tr>\n<tr>\n<td><strong>Windows 7\nWindows Server 2008 R2<\/strong><\/td>\n<td><strong><a href=\"http:\/\/www.catalog.update.microsoft.com\/Search.aspx?q=4457918\" rel=\"nofollow\">Catalog<\/a>\n<a href=\"https:\/\/support.microsoft.com\/kb\/4457918\" rel=\"nofollow\">4457918<\/a><\/strong><\/td>\n<td><strong><a href=\"http:\/\/www.catalog.update.microsoft.com\/Search.aspx?q=4457914\" rel=\"nofollow\">Catalog<\/a>\n<a href=\"https:\/\/support.microsoft.com\/kb\/4457914\" rel=\"nofollow\">4457914<\/a><\/strong><\/td>\n<\/tr>\n<tr>\n<td>.NET Framework 3.5.1<\/td>\n<td><a href=\"https:\/\/support.microsoft.com\/kb\/4457044\" rel=\"nofollow\">4457044<\/a><\/td>\n<td><a href=\"https:\/\/support.microsoft.com\/kb\/4457055\" rel=\"nofollow\">4457055<\/a><\/td>\n<\/tr>\n<tr>\n<td>.NET Framework 4.5.2<\/td>\n<td><a href=\"https:\/\/support.microsoft.com\/kb\/4457038\" rel=\"nofollow\">4457038<\/a><\/td>\n<td><a href=\"https:\/\/support.microsoft.com\/kb\/4457030\" rel=\"nofollow\">4457030<\/a><\/td>\n<\/tr>\n<tr>\n<td>.NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2<\/td>\n<td><a href=\"https:\/\/support.microsoft.com\/kb\/4457035\" rel=\"nofollow\">4457035<\/a><\/td>\n<td><a href=\"https:\/\/support.microsoft.com\/kb\/4457027\" rel=\"nofollow\">4457027<\/a><\/td>\n<\/tr>\n<tr>\n<td><strong>Windows Server 2008<\/strong><\/td>\n<td><strong><a href=\"http:\/\/www.catalog.update.microsoft.com\/Search.aspx?q=4457921\" rel=\"nofollow\">Catalog<\/a>\n<a href=\"https:\/\/support.microsoft.com\/kb\/4457921\" rel=\"nofollow\">4457921<\/a><\/strong><\/td>\n<td><strong><a href=\"http:\/\/www.catalog.update.microsoft.com\/Search.aspx?q=4457917\" rel=\"nofollow\">Catalog<\/a>\n<a href=\"https:\/\/support.microsoft.com\/kb\/4457917\" rel=\"nofollow\">4457917<\/a><\/strong><\/td>\n<\/tr>\n<tr>\n<td>.NET Framework 2.0, 3.0<\/td>\n<td><a href=\"https:\/\/support.microsoft.com\/kb\/4457043\" rel=\"nofollow\">4457043<\/a><\/td>\n<td><a href=\"https:\/\/support.microsoft.com\/kb\/4457054\" rel=\"nofollow\">4457054<\/a><\/td>\n<\/tr>\n<tr>\n<td>.NET Framework 4.5.2<\/td>\n<td><a href=\"https:\/\/support.microsoft.com\/kb\/4457038\" rel=\"nofollow\">4457038<\/a><\/td>\n<td><a href=\"https:\/\/support.microsoft.com\/kb\/4457030\" rel=\"nofollow\">4457030<\/a><\/td>\n<\/tr>\n<tr>\n<td>.NET Framework 4.6<\/td>\n<td><a href=\"https:\/\/support.microsoft.com\/kb\/4457035\" rel=\"nofollow\">4457035<\/a><\/td>\n<td><a href=\"https:\/\/support.microsoft.com\/kb\/4457027\" rel=\"nofollow\">4457027<\/a><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h3><a href=\"#docker-images\" id=\"user-content-docker-images\" class=\"anchor\"><\/a>Docker Images<\/h3>\n<p>We are updating the following .NET Framework Docker images for today\u2019s release:<\/p>\n<ul>\n<li><a href=\"https:\/\/hub.docker.com\/r\/microsoft\/aspnet\/\" rel=\"nofollow\">microsoft\/aspnet<\/a><\/li>\n<li><a href=\"https:\/\/hub.docker.com\/r\/microsoft\/dotnet-framework\/\" rel=\"nofollow\">microsoft\/dotnet-framework<\/a><\/li>\n<li><a href=\"https:\/\/hub.docker.com\/r\/microsoft\/dotnet-framework-samples\/\" rel=\"nofollow\">microsoft\/dotnet-framework-samples<\/a><\/li>\n<\/ul>\n<p>Note: Look at the \u201cTags\u201d view in each repository to see the updated Docker image tags.<\/p>\n<h3><a href=\"#previous-monthly-rollups\" id=\"user-content-previous-monthly-rollups\" class=\"anchor\"><\/a>Previous Monthly Rollups<\/h3>\n<p>The last few .NET Framework Monthly updates are listed below for your convenience:<\/p>\n<ul>\n<li><a href=\"https:\/\/blogs.msdn.microsoft.com\/dotnet\/2018\/08\/30\/net-framework-august-2018-preview-of-quality-rollup\/\" rel=\"nofollow\">August Preview of Quality Rollup<\/a><\/li>\n<li><a href=\"https:\/\/blogs.msdn.microsoft.com\/dotnet\/2018\/08\/14\/august-2018-security-and-quality-rollup\/\" rel=\"nofollow\">August Security and Quality Rollup<\/a><\/li>\n<li><a href=\"https:\/\/blogs.msdn.microsoft.com\/dotnet\/2018\/07\/30\/net-framework-july-2018-update\/\" rel=\"nofollow\">July 2018 Update<\/a><\/li>\n<li><a href=\"https:\/\/blogs.msdn.microsoft.com\/dotnet\/2018\/06\/13\/net-framework-june-2018-security-and-quality-rollup\/\" rel=\"nofollow\">June 2018 Security and Quality Rollup<\/a><\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Updated: September 21, 2018 SharePoint workflows may stop working after installing this update.\u00a0 See\u00a0SharePoint workflows stop working after you install .NET security updates for CVE-2018-8421 for further guidance. Today, we are releasing the September 2018 Security and Quality Rollup. Security CVE-2018-8421 \u2013 Windows Remote Code Execution Vulnerability This security update resolves a vulnerability in Microsoft [&hellip;]<\/p>\n","protected":false},"author":369,"featured_media":58792,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[685],"tags":[],"class_list":["post-19095","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-dotnet"],"acf":[],"blog_post_summary":"<p>Updated: September 21, 2018 SharePoint workflows may stop working after installing this update.\u00a0 See\u00a0SharePoint workflows stop working after you install .NET security updates for CVE-2018-8421 for further guidance. Today, we are releasing the September 2018 Security and Quality Rollup. Security CVE-2018-8421 \u2013 Windows Remote Code Execution Vulnerability This security update resolves a vulnerability in Microsoft [&hellip;]<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/posts\/19095","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/users\/369"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/comments?post=19095"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/posts\/19095\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/media\/58792"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/media?parent=19095"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/categories?post=19095"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/tags?post=19095"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}