Today, we are releasing the May 2019 Cumulative Update, Security and Quality Rollup, and Security Only Update.
Security
CVE-2019-0820 – Denial of Service Vulnerability
A denial of service vulnerability exists when .NET Framework and .NET Core improperly process RegEx strings. An attacker who successfully exploited this vulnerability could cause a denial of service against a .NET application. A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to a .NET Framework (or .NET Core) application. The update addresses the vulnerability by correcting how .NET Framework and .NET Core applications handle RegEx string processing.
CVE-2019-0980 – Denial of Service Vulnerability
A denial of service vulnerability exists when .NET Framework or .NET Core improperly handles web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against a .NET Framework or .NET Core web application. The vulnerability can be exploited remotely, without authentication. A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to the .NET Framework or .NET Core application. The update addresses the vulnerability by correcting how .NET Framework or .NET Core web applications handle web requests.
CVE-2019-0981 – Denial of Service Vulnerability
A denial of service vulnerability exists when .NET Framework or .NET Core improperly handles web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against a .NET Framework or .NET Core web application. The vulnerability can be exploited remotely, without authentication. A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to the .NET Framework or .NET Core application. The update addresses the vulnerability by correcting how .NET Framework or .NET Core web applications handle web requests.
CVE-2019-0864 – Denial of Service Vulnerability
A denial of service vulnerability exists when .NET Framework improperly handles objects in heap memory. An attacker who successfully exploited this vulnerability could cause a denial of service against a .NET application. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The security update addresses the vulnerability by correcting how .NET Framework handles objects in heap memory.
Getting the Update
The Cumulative Update and Security and Quality Rollup are available via Windows Update, Windows Server Update Services, Microsoft Update Catalog, and Docker. The Security Only Update is available via Windows Server Update Services and Microsoft Update Catalog.
Microsoft Update Catalog
You can get the update via the Microsoft Update Catalog. For Windows 10, .NET Framework 4.8 updates are available via Windows Update, Windows Server Update Services, and Microsoft Update Catalog. Updates for other versions of .NET Framework are part of the Windows 10 Monthly Cumulative Update.
The following table is for Windows 10 and Windows Server 2016+ versions.
Product Version | Cumulative Update |
---|---|
Windows 10 1903 (May 2019 Update) | 4502507 |
.NET Framework 3.5, 4.8 | Catalog 4495620 |
Windows 10 1809 (October 2018 Update), Windows Server 2019 | 4466961 |
.NET Framework 3.5, 4.7.2 | Catalog 4495590 |
.NET Framework 3.5, 4.8 | Catalog 4495618 |
Windows 10 1803 (April 2018 Update) | 4498144 |
.NET Framework 3.5, 4.7.2 | Catalog 4499167 |
.NET Framework 4.8 | Catalog 4495616 |
Windows 10 1709 (Fall Creators Update) | 4498143 |
.NET Framework 3.5, 4.7.1, 4.7.2 | Catalog 4499179 |
.NET Framework 4.8 | Catalog 4495613 |
Windows 10 1703 (Creators Update) | 4498142 |
.NET Framework 3.5, 4.7, 4.7.1, 4.7.2 | Catalog 4499181 |
.NET Framework 4.8 | Catalog 4495611 |
Windows 10 1607 (Anniversary Update), Windows Server 2016 | 4498141 |
.NET Framework 3.5, 4.6.2, 4.7, 4.7.1, 4.7.2 | Catalog 4494440 |
.NET Framework 4.8 | Catalog 4495610 |
Windows 10 1507 | 4499154 |
.NET Framework 3.5, 4.6, 4.6.1, 4.6.2 | Catalog 4499154 |
The following table is for earlier Windows and Windows Server versions.
Product Version | Security and Quality Rollup | Security Only Update |
---|---|---|
Windows 8.1, Windows RT 8.1, Windows Server 2012 R2 | Catalog 4499408 | Catalog 4498963 |
.NET Framework 3.5 | Catalog 4495608 | Catalog 4495615 |
.NET Framework 4.5.2 | Catalog 4495592 | Catalog 4495589 |
.NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 | Catalog 4495585 | Catalog 4495586 |
.NET Framework 4.8 | Catalog 4495624 | Catalog 4495625 |
Windows Server 2012 | Catalog 4499407 | Catalog 4498962 |
.NET Framework 3.5 | Catalog 4480061 | Catalog 4495607 |
.NET Framework 4.5.2 | Catalog 4495594 | Catalog 4495591 |
.NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 | Catalog 4495582 | Catalog 4495584 |
.NET Framework 4.8 | Catalog 4495622 | Catalog 4495623 |
Windows 7 SP1, Windows Server 2008 R2 SP1 | Catalog 4499406 | Catalog 4498961 |
.NET Framework 3.5.1 | Catalog 4495606 | Catalog 4495612 |
.NET Framework 4.5.2 | Catalog 4495596 | Catalog 4495593 |
.NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 | Catalog 4495588 | Catalog 4495587 |
.NET Framework 4.8 | Catalog 4495627 | Catalog 4495627 |
Windows Server 2008 | Catalog 4499409 | Catalog 4498964 |
.NET Framework 2.0, 3.0 | Catalog 4495604 | Catalog 4495609 |
.NET Framework 4.5.2 | Catalog 4495596 | Catalog 4495593 |
.NET Framework 4.6 | Catalog 4495588 | Catalog 4495587 |
Docker Images
We are updating the following .NET Framework Docker images for today’s release:
Note: Look at the “Tags” view in each repository to see the updated Docker image tags.
Note: Significant changes have been made with Docker images recently. Please look at .NET Docker Announcements for more information.
Previous Monthly Rollups
The last few .NET Framework Monthly updates are listed below for your convenience:
- March 2019 Cumulative Update for Windows 10 version 1809 and Windows Server 2019
- March 2019 Update
- February 2019 Cumulative Update for Windows 10 version 1809 and Windows Server 2019
- February 2019 Preview of Quality Rollup
- February 2019 Security and Quality Rollup
The post .NET Framework May 2019 Security and Quality Rollup appeared first on .NET Blog.