{"id":20684,"date":"2018-12-11T10:23:48","date_gmt":"2018-12-11T18:23:48","guid":{"rendered":"https:\/\/blogs.msdn.microsoft.com\/dotnet\/?p=20585"},"modified":"2019-02-19T18:40:37","modified_gmt":"2019-02-20T01:40:37","slug":"net-framework-december-2018-security-and-quality-rollup","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/dotnet\/net-framework-december-2018-security-and-quality-rollup\/","title":{"rendered":".NET Framework December 2018 Security and Quality Rollup"},"content":{"rendered":"

Today, we are releasing the December 2018 Security and Quality Rollup.<\/p>\n

<\/a>Security<\/h2>\n

<\/a>CVE-2018-8540 \u2013 Windows Remote Code Execution Vulnerability<\/h3>\n

This security update resolves a vulnerability in Microsoft .NET Framework that could allow remote code execution when Microsoft .NET Framework doesn’t validate input correctly. The\u00a0attacker who successfully exploits\u00a0this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts that use full user rights. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who are granted administrative user rights.<\/span><\/p>\n

\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n

To exploit the vulnerability, an attacker has to pass specific input to an application that uses susceptible .NET Framework methods.<\/span><\/p>\n

This security update addresses the vulnerability by correcting how .NET Framework validates input.<\/span><\/p>\n<\/div>\n

To learn more about this vulnerability, see\u00a0Microsoft Common Vulnerabilities and Exposures CVE-2018-8540<\/a>.<\/span><\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/section>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/article>\n<\/div>\n

<\/a>Getting the Update<\/h2>\n

The Security and Quality Rollup is available via Windows Update, Windows Server Update Services, Microsoft Update Catalog, and Docker.<\/p>\n

<\/a>Microsoft Update Catalog<\/h3>\n

You can get the update via the Microsoft Update Catalog. For Windows 10, .NET Framework updates are part of the Windows 10 Monthly Rollup.<\/p>\n

The following table is for Windows 10 and Windows Server 2016+.<\/p>\n\n\n\n\n\n\n\n<\/tr>\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Product Version<\/th>\nSecurity and Quality Rollup KB<\/th>\n<\/tr>\n<\/thead>\n
Windows 10 1809 (October 2018 Update)\nWindows Server 2019<\/strong><\/td>\nCatalog<\/a>\n4470502<\/a><\/strong><\/td>\n<\/tr>\n
.NET Framework 3.5<\/td>\n4470502<\/a><\/td>\n<\/tr>\n
.NET Framework 4.7.2<\/td>\n4470502<\/a><\/td>\n<\/tr>\n
Windows 10 1803 (April 2018 Update)<\/strong><\/td>\nCatalog<\/a>\n4471324<\/a><\/strong><\/td>\n<\/tr>\n
.NET Framework 3.5<\/td>\n4471324<\/a><\/td>\n<\/tr>\n
.NET Framework 4.7.2<\/td>\n4471324<\/a><\/td>\n<\/tr>\n
Windows 10 1709 (Fall Creators Update)<\/strong><\/td>\nCatalog<\/a>\n4471329<\/a><\/strong><\/td>\n<\/tr>\n
.NET Framework 3.5<\/td>\n4471329<\/a><\/td>\n<\/tr>\n
.NET Framework 4.7.1, 4.7.2<\/td>\n4471329<\/a><\/td>\n<\/tr>\n
Windows 10 1703 (Creators Update)<\/strong><\/td>\nCatalog<\/a>\n4471327<\/a><\/strong><\/td>\n<\/tr>\n
.NET Framework 3.5<\/td>\n4471327<\/a><\/td>\n<\/tr>\n
.NET Framework 4.7, 4.7.1, 4.7.2<\/td>\n4471327<\/a><\/td>\n<\/tr>\n
Windows 10 1607 (Anniversary Update)\nWindows Server 2016<\/strong><\/td>\nCatalog<\/a>\n4471321<\/a><\/strong><\/td>\n<\/tr>\n
.NET Framework 3.5<\/td>\n4471321<\/a><\/td>\n<\/tr>\n
.NET Framework 4.6.2, 4.7, 4.7.1, 4.7.2<\/td>\n4471321<\/a><\/td>\n<\/tr>\n
Windows 10 1507<\/strong><\/td>\nCatalog<\/a>\n4471323<\/a><\/strong><\/td>\n<\/tr>\n
.NET Framework 3.5<\/td>\n4471323<\/a><\/td>\n<\/tr>\n
.NET Framework 4.6, 4.6.1, 4.6.2<\/td>\n4471323<\/a><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

The following table is for earlier Windows and Windows Server versions.<\/p>\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Product Version<\/th>\nSecurity and Quality Rollup KB<\/th>\nSecurity Only Update KB<\/th>\n<\/tr>\n<\/thead>\n
Windows 8.1\nWindows RT 8.1\nWindows Server 2012 R2<\/strong><\/td>\nCatalog<\/a>\n4471989<\/a><\/strong><\/td>\nCatalog<\/a>\n4471983<\/a><\/strong><\/td>\n<\/tr>\n
.NET Framework 3.5<\/td>\n4470630<\/a><\/td>\n4470602<\/a><\/td>\n<\/tr>\n
.NET Framework 4.5.2<\/td>\n4470622<\/a><\/td>\n4470491<\/a><\/td>\n<\/tr>\n
.NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2<\/td>\n4470639<\/a><\/td>\n4470499<\/a><\/td>\n<\/tr>\n
Windows Server 2012<\/strong><\/td>\nCatalog<\/a>\n4471988<\/a><\/strong><\/td>\nCatalog<\/a>\n4471982<\/a><\/strong><\/td>\n<\/tr>\n
.NET Framework 3.5<\/td>\n4470629<\/a><\/td>\n4470601<\/a><\/td>\n<\/tr>\n
.NET Framework 4.5.2<\/td>\n4470623<\/a><\/td>\n4470492<\/a><\/td>\n<\/tr>\n
.NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2<\/td>\n4470638<\/a><\/td>\n4470498<\/a><\/td>\n<\/tr>\n
Windows 7\nWindows Server 2008 R2<\/strong><\/td>\nCatalog<\/a>\n4471987<\/a><\/strong><\/td>\nCatalog<\/a>\n4471981<\/a><\/strong><\/td>\n<\/tr>\n
.NET Framework 3.5.1<\/td>\n4470641<\/a><\/td>\n4470600<\/a><\/td>\n<\/tr>\n
.NET Framework 4.5.2<\/td>\n4470637<\/a><\/td>\n4470493<\/a><\/td>\n<\/tr>\n
.NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2<\/td>\n4470640<\/a><\/td>\n4470500<\/a><\/td>\n<\/tr>\n
Windows Server 2008<\/strong><\/td>\nCatalog<\/a>\n4471990<\/a><\/strong><\/td>\nCatalog<\/a>\n4471984<\/a><\/strong><\/td>\n<\/tr>\n
.NET Framework 3.5 SP1<\/td>\n4471102<\/a><\/td>\n4470633<\/a><\/td>\n<\/tr>\n
.NET Framework 4.5.2<\/td>\n4470637<\/a><\/td>\n4470493<\/a><\/td>\n<\/tr>\n
.NET Framework 4.6<\/td>\n4470640<\/a><\/td>\n4470500<\/a><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

<\/a>Docker Images<\/h3>\n

We are updating the following .NET Framework Docker images for today\u2019s release:<\/p>\n