Today, we are releasing the November 2018 Security and Quality Rollup.
See .NET Framework 4.7.1 is available on Windows Update, WSUS and MU Catalog! for separately available reliability updates for the .NET Framework 4.7.1.
Security
CVE-2018-0786 – Security Feature Bypass in X509 Certificate Validation
Microsoft is aware of a security vulnerability in the public versions of .NET Core where an attacker could present a certificate that is marked invalid for a specific use, but a component uses it for that purpose. This action disregards the Enhanced Key Usage tagging.
The security update addresses the vulnerability by ensuring that .NET Core components completely validate certificates.
CVE-2018-0764 – Denial of Service when parsing XML documents
Microsoft is aware of a Denial of Service vulnerability in all public versions of .NET core due to improper processing of XML documents. An attacker who successfully exploited this vulnerability could cause a denial of service against a .NET application. A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to a .NET Core application.
The update addresses the vulnerability by correcting how .NET core handles XML document processing.
Quality and Reliability
This release contains no new quality and reliability improvements.
Getting the Update
The Security and Quality Rollup is available via Windows Update, Windows Server Update Services, Microsoft Update Catalog, and Docker.
Microsoft Update Catalog
You can get the update via the Microsoft Update Catalog. For Windows 10, .NET Framework updates are part of the Windows 10 Monthly Rollup.
| Product Version | Security and Quality Rollup KB | Security Rollup KB |
|---|---|---|
| Windows 10 1709 (Fall Creators Update) | Catalog 4056892 |
N/A |
| .NET Framework 3.5 | 4056892 | N/A |
| .NET Framework 4.7.1 | 4056892 | N/A |
| Windows 10 1703 (Creators Update) | Catalog 4056891 |
N/A |
| .NET Framework 3.5 | 4056891 | N/A |
| .NET Framework 4.7 | 4056891 | N/A |
| Windows 10 1607 (Anniversary Update) | Catalog 4056890 |
N/A |
| .NET Framework 3.5 | 4056890 | N/A |
| .NET Framework 4.6.2, 4.7 | 4056890 | N/A |
| Windows 10 1511 | Catalog 4056888 |
N/A |
| .NET Framework 3.5 | 4056888 | N/A |
| .NET Framework 4.6.1 | 4056888 | N/A |
| Windows 10 1507 | Catalog 4056893 |
N/A |
| .NET Framework 3.5 | 4056893 | N/A |
| .NET Framework 4.6 | 4056893 | N/A |
| Windows 8.1 Windows RT 8.1 Windows Server 2012 R2 |
Catalog 4055266 |
Catalog 4055271 |
| .NET Framework 3.5 | 4054999 | 4054177 |
| .NET Framework 4.5.2 | 4054993 | 4054170 |
| .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 | 4055001 | 4054182 |
| Windows Server 2012 | Catalog 4055265 |
Catalog 4055270 |
| .NET Framework 3.5 | 4054997 | 4054175 |
| .NET Framework 4.5.2 | 4054994 | 4054171 |
| .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 | 4055000 | 4054181 |
| Windows Server 2008 | Catalog 4055267 |
Catalog 4055272 |
| .NET Framework 2.0, 3.0 | 4054996 | 4054174 |
| .NET Framework 4.5.2 | 4054995 | 4054172 |
| .NET Framework 4.6 | 4055002 | 4054183 |
Docker Images
Docker images have been updated as part of today’s release (actually, a few days ago).
Note: Look at the “Tags” view in each repository to see the updated Docker image tags.
Note: Significant changes have been made with Docker images recently. Please look at .NET Docker Announcements for more information.
Previous Monthly Rollups
The last few .NET Framework Monthly updates are listed below for your convenience:
- November 2017 Security and Quality Rollup
- October 2017 Preview of Quality Rollup
- October 2017 Security and Quality Rollup
- September 2017 Preview of Quality Rollup
- September 2017 Security and Quality Rollup
Other Updates: