Today, we are releasing the September 2018 Security and Quality Rollup.
Security
CVE-2018-8421 – Windows Remote Code Execution Vulnerability
This security update resolves a vulnerability in Microsoft .NET Framework that could allow remote code execution when .NET Framework processes untrusted input. An attacker who successfully exploits this vulnerability in software by using .NET Framework could take control of an affected system. The attacker could then install programs; view, change, or delete data; or create new accounts that have full user rights. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights.
To exploit the vulnerability, an attacker would first have to convince the user to open a malicious document or application.
This security update addresses the vulnerability by correcting how .NET Framework validates untrusted input.
Getting the Update
The Security and Quality Rollup is available via Windows Update, Windows Server Update Services, Microsoft Update Catalog, and Docker.
Microsoft Update Catalog
You can get the update via the Microsoft Update Catalog. For Windows 10, .NET Framework updates are part of the Windows 10 Monthly Rollup.
The following table is for Windows 10 and Windows Server 2016+.
| Product Version | Security and Quality Rollup KB |
|---|---|
| Windows 10 1803 (April 2018 Update) | Catalog 4457128 |
| .NET Framework 3.5 | 4457128 |
| .NET Framework 4.7.2 | 4457128 |
| Windows 10 1709 (Fall Creators Update) | Catalog 4457142 |
| .NET Framework 3.5 | 4457142 |
| .NET Framework 4.7.1, 4.7.2 | 4457142 |
| Windows 10 1703 (Creators Update) | Catalog 4457138 |
| .NET Framework 3.5 | 4457138 |
| .NET Framework 4.7, 4.7.1, 4.7.2 | 4457138 |
| Windows 10 1607 (Anniversary Update) Windows Server 2016 |
Catalog 4457131 |
| .NET Framework 3.5 | 4457131 |
| .NET Framework 4.6.2, 4.7, 4.7.1, 4.7.2 | 4457131 |
| Windows 10 1507 | Catalog 4457132 |
| .NET Framework 3.5 | 4457132 |
| .NET Framework 4.6, 4.6.1, 4.6.2 | 4457132 |
The following table is for earlier Windows and Windows Server versions.
| Product Version | Security and Quality Rollup KB | Security Only Update KB |
|---|---|---|
| Windows 8.1 Windows RT 8.1 Windows Server 2012 R2 |
Catalog 4457920 |
Catalog 4457916 |
| .NET Framework 3.5 | 4457045 | 4457056 |
| .NET Framework 4.5.2 | 4457036 | 4457028 |
| .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 | 4457034 | 4457026 |
| Windows Server 2012 | Catalog 4457919 |
Catalog 4457915 |
| .NET Framework 3.5 | 4457042 | 4457053 |
| .NET Framework 4.5.2 | 4457037 | 4457029 |
| .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 | 4457033 | 4457025 |
| Windows 7 Windows Server 2008 R2 |
Catalog 4457918 |
Catalog 4457914 |
| .NET Framework 3.5.1 | 4457044 | 4457055 |
| .NET Framework 4.5.2 | 4457038 | 4457030 |
| .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 | 4457035 | 4457027 |
| Windows Server 2008 | Catalog 4457921 |
Catalog 4457917 |
| .NET Framework 2.0, 3.0 | 4457043 | 4457054 |
| .NET Framework 4.5.2 | 4457038 | 4457030 |
| .NET Framework 4.6 | 4457035 | 4457027 |
Docker Images
We are updating the following .NET Framework Docker images for today’s release:
Note: Look at the “Tags” view in each repository to see the updated Docker image tags.
Previous Monthly Rollups
The last few .NET Framework Monthly updates are listed below for your convenience: