Today, we are releasing the August 2018 Security and Quality Rollup.
Security
CVE-2018-8360 – Windows Information Disclosure Vulnerability
This update resolves an information disclosure vulnerability in Microsoft .NET Framework that could allow an attacker to access information in multi-tenant environments. The vulnerability is caused when .NET Framework is used in high-load/high-density network connections in which content from one stream can blend into another stream.
To exploit the vulnerability, an attacker who can access one tenant in a high-load/high-density environment could potentially trigger multi-tenanted data exposure from one customer to another.
This security update addresses the vulnerability by correcting the way that .NET Framework handles high-load/high-density network connections.
Quality and Reliability
This release contains the following quality and reliability improvements.
CLR
- Applications that rely on COM components were failing to load or run correctly because of “access denied”, “class not registered”, or “internal failure occurred for unknown reasons” errors described in 4345913 and Blog Advisory. [651528]
Note: Additional information on these improvements is not available. The VSTS bug number provided with each improvement is a unique ID that you can give Microsoft Customer Support, include in StackOverflow comments or use in web searches.
Getting the Update
The Security and Quality Rollup is available via Windows Update, Windows Server Update Services, Microsoft Update Catalog, and Docker.
Microsoft Update Catalog
You can get the update via the Microsoft Update Catalog. For Windows 10, .NET Framework updates are part of the Windows 10 Monthly Rollup.
The following table is for Windows 10 and Windows Server 2016+.
| Product Version | Security and Quality Rollup KB |
|---|---|
| Windows 10 1803 (April 2018 Update) | Catalog 4343909 |
| .NET Framework 3.5 | 4343909 |
| .NET Framework 4.7.2 | 4343909 |
| Windows 10 1709 (Fall Creators Update) | Catalog 4343897 |
| .NET Framework 3.5 | 4343897 |
| .NET Framework 4.7.1 | 4343897 |
| Windows 10 1703 (Creators Update) | Catalog 4343885 |
| .NET Framework 3.5 | 4343885 |
| .NET Framework 4.7, 4.7.1 | 4343885 |
| Windows 10 1607 (Anniversary Update) Windows Server 2016 |
Catalog 4343887 |
| .NET Framework 3.5 | 4343887 |
| .NET Framework 4.6.2, 4.7, 4.7.1 | 4343887 |
| Windows 10 1507 | Catalog 4343892 |
| .NET Framework 3.5 | 4343892 |
| .NET Framework 4.6, 4.6.1, 4.6.2 | 4343892 |
The following table is for earlier Windows and Windows Server versions.
| Product Version | Security and Quality Rollup KB | Security Only Update KB |
|---|---|---|
| Windows 8.1 Windows RT 8.1 Windows Server 2012 R2 |
Catalog 4345592 |
Catalog 4345681 |
| .NET Framework 3.5 | 4344153 | 4344178 |
| .NET Framework 4.5.2 | 4344147 | 4344171 |
| .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 | 4344145 | 4344166 |
| Windows Server 2012 | Catalog 4345591 |
Catalog 4345680 |
| .NET Framework 3.5 | 4344150 | 4344175 |
| .NET Framework 4.5.2 | 4344148 | 4344172 |
| .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 | 4344144 | 4344165 |
| Windows 7 Windows Server 2008 R2 |
Catalog 4345590 |
Catalog 4345679 |
| .NET Framework 3.5.1 | 4344152 | 4344177 |
| .NET Framework 4.5.2 | 4344149 | 4344173 |
| .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 | 4344146 | 4344167 |
| Windows Server 2008 | Catalog 4345593 |
Catalog 4345682 |
| .NET Framework 2.0, 3.0 | 4344151 | 4344176 |
| .NET Framework 4.5.2 | 4344149 | 4344173 |
| .NET Framework 4.6 | 4344146 | 4344167 |
Docker Images
We are updating the following .NET Framework Docker images for today’s release:
Note: Look at the “Tags” view in each repository to see the updated Docker image tags.
Previous Monthly Rollups
The last few .NET Framework Monthly updates are listed below for your convenience: