Yesterday, we released the February 2019 Security and Quality Rollup.
Security
CVE-2019-0613 – Remote Code Execution Vulnerability
This security update resolves a vulnerability in .NET Framework software if the software does not check the source markup of a file. An attacker who successfully exploits the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on by using administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts that have full user rights. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who have administrative user rights.
CVE-2019-0657 – Domain Spoofing Vulnerability
This security update resolves a vulnerability in certain .NET Framework APIs that parse URLs. An attacker who successfully exploits this vulnerability could use it to bypass security logic that’s intended to make sure that a user-provided URL belonged to a specific host name or a subdomain of that host name. This could be used to cause privileged communication to be made to an untrusted service as if it were a trusted service.
Getting the Update
The Security and Quality Rollup is available via Windows Update, Windows Server Update Services, Microsoft Update Catalog, and Docker.
Microsoft Update Catalog
You can get the update via the Microsoft Update Catalog. For Windows 10, .NET Framework updates are part of the Windows 10 Monthly Rollup.
The following table is for Windows 10 and Windows Server 2016+ versions.
| Product Version | Security and Quality Rollup KB |
|---|---|
| Windows 10 1809 (October 2018 Update) Windows Server 2019 |
Catalog 4483452 |
| .NET Framework 3.5, 4.7.2 | 4483452 |
| Windows 10 1803 (April 2018 Update) | Catalog 4487017 |
| .NET Framework 3.5, 4.7.2 | 4487017 |
| Windows 10 1709 (Fall Creators Update) | Catalog 4486996 |
| .NET Framework 3.5, 4.7.1, 4.7.2 | 4486996 |
| Windows 10 1703 (Creators Update) | Catalog 4487020 |
| .NET Framework 3.5, 4.7, 4.7.1, 4.7.2 | 4487020 |
| Windows 10 1607 (Anniversary Update) Windows Server 2016 |
Catalog 4487026 |
| .NET Framework 3.5, 4.6.2, 4.7, 4.7.1, 4.7.2 | 4487026 |
| Windows 10 1507 | Catalog 4487018 |
| .NET Framework 3.5, 4.6, 4.6.1, 4.6.2 | 4487018 |
The following table is for earlier Windows and Windows Server versions.
| Product Version | Security and Quality Rollup KB | Security Only Update KB |
|---|---|---|
| Windows 8.1 Windows RT 8.1 Windows Server 2012 R2 |
Catalog 4487080 |
Catalog 4487124 |
| .NET Framework 3.5 | Catalog 4483459 |
Catalog 4483484 |
| .NET Framework 4.5.2 | Catalog 4483453 |
Catalog 4483472 |
| .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 | Catalog 4483450 |
Catalog 4483469 |
| Windows Server 2012 | Catalog 4487079 |
Catalog 4487122 |
| .NET Framework 3.5 | Catalog 4483456 |
Catalog 4483481 |
| .NET Framework 4.5.2 | Catalog 4483454 |
Catalog 4483473 |
| .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 | Catalog 4483449 |
Catalog 4483468 |
| Windows 7 SP1 Windows Server 2008 R2 SP1 |
Catalog 4487078 |
Catalog 4487121 |
| .NET Framework 3.5.1 | Catalog 4483458 |
Catalog 4483483 |
| .NET Framework 4.5.2 | Catalog 4483455 |
Catalog 4483474 |
| .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 | Catalog 4483451 |
Catalog 4483470 |
| Windows Server 2008 | Catalog 4487081 |
Catalog 4487124 |
| .NET Framework 2.0, 3.0 | Catalog 4483457 |
Catalog 4483482 |
| .NET Framework 4.5.2 | Catalog 4483455 |
Catalog 4483474 |
| .NET Framework 4.6 | Catalog 4483451 |
Catalog 4483470 |
Docker Images
We are updating the following .NET Framework Docker images for today’s release:
Note: Look at the “Tags” view in each repository to see the updated Docker image tags.
Note: Significant changes have been made with Docker images recently. Please look at .NET Docker Announcements for more information.
Previous Monthly Rollups
The last few .NET Framework Monthly updates are listed below for your convenience:
- January 22, 2018 Cumulative Update for Windows 10 version 1809 and Windows Server 2019
- January 2019 Preview of Quality Rollup
- January 2019 Security and Quality Rollup
- December 2018 Security and Quality Rollup
- November 2018 Preview of Cumulative Update for Windows 10 version 1809 and Windows Server 2019