{"id":23208,"date":"2019-05-14T11:29:22","date_gmt":"2019-05-14T18:29:22","guid":{"rendered":"https:\/\/devblogs.microsoft.com\/dotnet\/?p=23208"},"modified":"2019-05-14T11:47:02","modified_gmt":"2019-05-14T18:47:02","slug":"net-framework-may-2019-security-and-quality-rollup","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/dotnet\/net-framework-may-2019-security-and-quality-rollup\/","title":{"rendered":".NET Framework May 2019 Security and Quality Rollup"},"content":{"rendered":"

Today, we are releasing the May 2019 Cumulative Update, Security and Quality Rollup, and Security Only Update.<\/p>\n

<\/a>Security<\/h2>\n

<\/a>CVE-2019-0820 \u2013 Denial of Service Vulnerability<\/h3>\n

A denial of service vulnerability exists when .NET Framework and .NET Core improperly process RegEx strings. An attacker who successfully exploited this vulnerability could cause a denial of service against a .NET application. A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to a .NET Framework (or .NET core) application. The update addresses the vulnerability by correcting how .NET Framework and .NET Core applications handle RegEx string processing.<\/p>\n

CVE-2019-0820<\/a><\/p>\n

<\/a>CVE-2019-0980 \u2013 Denial of Service Vulnerability<\/h3>\n

A denial of service vulnerability exists when .NET Framework or .NET Core improperly handle web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against a .NET Framework or .NET Core web application. The vulnerability can be exploited remotely, without authentication. A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to the .NET Framework or .NET Core application. The update addresses the vulnerability by correcting how .NET Framework or .NET Core web applications handles web requests.<\/p>\n

CVE-2019-0980<\/a><\/p>\n

<\/a>CVE-2019-0981 \u2013 Denial of Service Vulnerability<\/h3>\n

A denial of service vulnerability exists when .NET Framework or .NET Core improperly handle web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against a .NET Framework or .NET Core web application. The vulnerability can be exploited remotely, without authentication. A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to the .NET Framework or .NET Core application. The update addresses the vulnerability by correcting how .NET Framework or .NET Core web applications handles web requests.<\/p>\n

CVE-2019-0981<\/a><\/p>\n

<\/a>CVE-2019-0864 \u2013 Denial of Service Vulnerability<\/h3>\n

A denial of service vulnerability exists when .NET Framework improperly handles objects in heap memory. An attacker who successfully exploited this vulnerability could cause a denial of service against a .NET application. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The security update addresses the vulnerability by correcting how .NET Framework handle objects in heap memory.<\/p>\n

CVE-2019-0864<\/a><\/p>\n

<\/a>Getting the Update<\/h2>\n

The Cumulative Update and Security and Quality Rollup are available via Windows Update, Windows Server Update Services, Microsoft Update Catalog, and Docker.\u00a0 The Security Only Update is available via\u00a0Windows Server Update Services and Microsoft Update Catalog.<\/p>\n

<\/a>Microsoft Update Catalog<\/h3>\n

You can get the update via the Microsoft Update Catalog. For Windows 10, NET Framework 4.8 updates are available\u00a0via Windows Update, Windows Server Update Services, Microsoft Update Catalog.\u00a0 Updates for other versions of\u00a0.NET Framework are part of the Windows 10 Monthly Cumulative Update.<\/p>\n

The following table is for Windows 10 and Windows Server 2016+ versions.<\/p>\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Product Version<\/th>\nCumulative Update<\/th>\n<\/tr>\n<\/thead>\n
Windows 10 1903 (May 2019 Update)<\/strong><\/td>\n\n4502507<\/a><\/strong><\/td>\n<\/tr>\n
.NET Framework 3.5, 4.8<\/td>\nCatalog<\/a>\n4495620<\/a><\/td>\n<\/tr>\n
Windows 10 1809 (October 2018 Update)\nWindows Server 2019<\/strong><\/td>\n\n4466961<\/a><\/strong><\/td>\n<\/tr>\n
.NET Framework 3.5, 4.7.2<\/td>\nCatalog<\/a>\n4495590<\/a><\/td>\n<\/tr>\n
.NET Framework 3.5, 4.8<\/td>\nCatalog<\/a>\n4495618<\/a><\/td>\n<\/tr>\n
Windows 10 1803 (April 2018 Update)<\/strong><\/td>\n\n4498144<\/a><\/strong><\/td>\n<\/tr>\n
.NET Framework 3.5, 4.7.2<\/td>\nCatalog<\/a>\n4499167<\/a><\/td>\n<\/tr>\n
.NET Framework 4.8<\/td>\nCatalog<\/a>\n4495616<\/a><\/td>\n<\/tr>\n
Windows 10 1709 (Fall Creators Update)<\/strong><\/td>\n\n4498143<\/a><\/strong><\/td>\n<\/tr>\n
.NET Framework 3.5, 4.7.1, 4.7.2<\/td>\nCatalog<\/a>\n4499179<\/a><\/td>\n<\/tr>\n
.NET Framework 4.8<\/td>\nCatalog<\/a>\n4495613<\/a><\/td>\n<\/tr>\n
Windows 10 1703 (Creators Update)<\/strong><\/td>\n\n4498142<\/a><\/strong><\/td>\n<\/tr>\n
.NET Framework 3.5, 4.7, 4.7.1, 4.7.2<\/td>\nCatalog<\/a>\n4499181<\/a><\/td>\n<\/tr>\n
.NET Framework 4.8<\/td>\nCatalog<\/a>\n4495611<\/a><\/td>\n<\/tr>\n
Windows 10 1607 (Anniversary Update)\nWindows Server 2016<\/strong><\/td>\n\n4498141<\/a><\/strong><\/td>\n<\/tr>\n
.NET Framework 3.5, 4.6.2, 4.7, 4.7.1, 4.7.2<\/td>\nCatalog<\/a>\n4494440<\/a><\/td>\n<\/tr>\n
.NET Framework 4.8<\/td>\nCatalog<\/a>\n4495610<\/a><\/td>\n<\/tr>\n
Windows 10 1507<\/strong><\/td>\n\n4499154<\/a><\/strong><\/td>\n<\/tr>\n
.NET Framework 3.5, 4.6, 4.6.1, 4.6.2<\/td>\nCatalog<\/a>\n4499154<\/a><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

 <\/p>\n

The following table is for earlier Windows and Windows Server versions.<\/p>\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Product Version<\/th>\nSecurity and Quality Rollup<\/th>\nSecurity Only Update<\/th>\n<\/tr>\n<\/thead>\n
Windows 8.1\nWindows RT 8.1\nWindows Server 2012 R2<\/strong><\/td>\n\nCatalog<\/a>\n4499408<\/a><\/strong><\/td>\n\nCatalog<\/a>\n4498963<\/a><\/strong><\/td>\n<\/tr>\n
.NET Framework 3.5<\/td>\nCatalog<\/a>\n4495608<\/a><\/td>\n\nCatalog<\/a>\n4495615<\/a><\/strong><\/td>\n<\/tr>\n
.NET Framework 4.5.2<\/td>\nCatalog<\/a>\n4495592<\/a><\/td>\n\nCatalog<\/a>\n4495589<\/a><\/strong><\/td>\n<\/tr>\n
.NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2<\/td>\nCatalog<\/a>\n4495585<\/a><\/td>\n\nCatalog<\/a>\n4495586<\/a><\/strong><\/td>\n<\/tr>\n
.NET Framework 4.8<\/td>\nCatalog<\/a>\n4495624<\/a><\/td>\n\nCatalog<\/a>\n4495625<\/a><\/strong><\/td>\n<\/tr>\n
Windows Server 2012<\/strong><\/td>\nCatalog<\/a>\n4499407<\/a><\/strong><\/td>\nCatalog<\/a>\n4498962<\/a><\/strong><\/td>\n<\/tr>\n
.NET Framework 3.5<\/td>\nCatalog<\/a>\n4480061<\/a><\/td>\n\nCatalog<\/a>\n4495607<\/a><\/strong><\/td>\n<\/tr>\n
.NET Framework 4.5.2<\/td>\nCatalog<\/a>\n4495594<\/a><\/td>\n\nCatalog<\/a>\n4495591<\/a><\/strong><\/td>\n<\/tr>\n
.NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2<\/td>\nCatalog<\/a>\n4495582<\/a><\/td>\n\nCatalog<\/a>\n4495584<\/a><\/strong><\/td>\n<\/tr>\n
.NET Framework 4.8<\/td>\nCatalog<\/a>\n4495622<\/a><\/td>\n\nCatalog<\/a>\n4495623<\/a><\/strong><\/td>\n<\/tr>\n
Windows 7 SP1\nWindows Server 2008 R2 SP1<\/strong><\/td>\n\nCatalog<\/a>\n4499406<\/a><\/strong><\/td>\n\nCatalog<\/a>\n4498961<\/a><\/strong><\/td>\n<\/tr>\n
.NET Framework 3.5.1<\/td>\nCatalog<\/a>\n4495606<\/a><\/td>\n\nCatalog<\/a>\n4495612<\/a><\/strong><\/td>\n<\/tr>\n
.NET Framework 4.5.2<\/td>\nCatalog<\/a>\n4495596<\/a><\/td>\n\nCatalog<\/a>\n4495593<\/a><\/strong><\/td>\n<\/tr>\n
.NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2<\/td>\nCatalog<\/a>\n4495588<\/a><\/td>\n\nCatalog<\/a>\n4495587<\/a><\/strong><\/td>\n<\/tr>\n
.NET Framework 4.8<\/td>\nCatalog<\/a>\n4495627<\/a><\/td>\n\nCatalog<\/a>\n4495627<\/a><\/strong><\/td>\n<\/tr>\n
Windows Server 2008<\/strong><\/td>\n\nCatalog<\/a>\n4499409<\/a><\/strong><\/td>\n\nCatalog<\/a>\n4498964<\/a><\/strong><\/td>\n<\/tr>\n
.NET Framework 2.0, 3.0<\/td>\nCatalog<\/a>\n4495604<\/a><\/td>\n\nCatalog<\/a>\n4495609<\/a><\/strong><\/td>\n<\/tr>\n
.NET Framework 4.5.2<\/td>\nCatalog<\/a>\n4495596<\/a><\/td>\n\nCatalog<\/a>\n4495593<\/a><\/strong><\/td>\n<\/tr>\n
.NET Framework 4.6<\/td>\nCatalog<\/a>\n4495588<\/a><\/td>\n\nCatalog<\/a>\n4495587<\/a><\/strong><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

<\/h3>\n

<\/a>Docker Images<\/h3>\n

We are updating the following .NET Framework Docker images for today’s release:<\/p>\n