1. IT-Security >
  2. Programmierung >
  3. .NET Framework December 2018 Security and Quality Rollup


ArabicEnglishFrenchGermanGreekItalianJapaneseKoreanPersianPolishPortugueseRussianSpanishTurkishVietnamese

.NET Framework December 2018 Security and Quality Rollup

RSS Kategorie Pfeil Programmierung vom | Quelle: blogs.msdn.microsoft.com Direktlink öffnen

Today, we are releasing the December 2018 Security and Quality Rollup.

Security

CVE-2018-8540 – Windows Remote Code Execution Vulnerability

This security update resolves a vulnerability in Microsoft .NET Framework that could allow remote code execution when Microsoft .NET Framework doesn’t validate input correctly. The attacker who successfully exploits this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts that use full user rights. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who are granted administrative user rights.

To exploit the vulnerability, an attacker has to pass specific input to an application that uses susceptible .NET Framework methods.

This security update addresses the vulnerability by correcting how .NET Framework validates input.

To learn more about this vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2018-8540.

Getting the Update

The Security and Quality Rollup is available via Windows Update, Windows Server Update Services, Microsoft Update Catalog, and Docker.

Microsoft Update Catalog

You can get the update via the Microsoft Update Catalog. For Windows 10, .NET Framework updates are part of the Windows 10 Monthly Rollup.

The following table is for Windows 10 and Windows Server 2016+.

Product Version Security and Quality Rollup KB
Windows 10 1809 (October 2018 Update)
Windows Server 2019
Catalog
4470502
.NET Framework 3.5 4470502
.NET Framework 4.7.2 4470502
Windows 10 1803 (April 2018 Update) Catalog
4471324
.NET Framework 3.5 4471324
.NET Framework 4.7.2 4471324
Windows 10 1709 (Fall Creators Update) Catalog
4471329
.NET Framework 3.5 4471329
.NET Framework 4.7.1, 4.7.2 4471329
Windows 10 1703 (Creators Update) Catalog
4471327
.NET Framework 3.5 4471327
.NET Framework 4.7, 4.7.1, 4.7.2 4471327
Windows 10 1607 (Anniversary Update)
Windows Server 2016
Catalog
4471321
.NET Framework 3.5 4471321
.NET Framework 4.6.2, 4.7, 4.7.1, 4.7.2 4471321
Windows 10 1507 Catalog
4471323
.NET Framework 3.5 4471323
.NET Framework 4.6, 4.6.1, 4.6.2 4471323

The following table is for earlier Windows and Windows Server versions.

Product Version Security and Quality Rollup KB Security Only Update KB
Windows 8.1
Windows RT 8.1
Windows Server 2012 R2
Catalog
4471989
Catalog
4471983
.NET Framework 3.5 4470630 4470602
.NET Framework 4.5.2 4470622 4470491
.NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 4470639 4470499
Windows Server 2012 Catalog
4471988
Catalog
4471982
.NET Framework 3.5 4470629 4470601
.NET Framework 4.5.2 4470623 4470492
.NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 4470638 4470498
Windows 7
Windows Server 2008 R2
Catalog
4471987
Catalog
4471984
.NET Framework 3.5.1 4470641 4470600
.NET Framework 4.5.2 4470637 4470493
.NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 4470640 4470500
Windows Server 2008 Catalog
4471990
Catalog
4471984
.NET Framework 3.5 SP1 4471102 4470633
.NET Framework 4.5.2 4470637 4470493
.NET Framework 4.6 4470640 4470500

Docker Images

We are updating the following .NET Framework Docker images for today’s release:

Note: Look at the “Tags” view in each repository to see the updated Docker image tags.

Previous Monthly Rollups

The last few .NET Framework Monthly updates are listed below for your convenience:

...

Webseite öffnen Komplette Webseite öffnen

Newsbewertung

Kommentiere zu .NET Framework December 2018 Security and Quality Rollup






Ähnliche Beiträge

  • 1. CentOS Blog: CentOS Pulse Newsletter, January 2019 (#1901) vom 916.79 Punkte ic_school_black_18dp
    Dear CentOS enthusiast, We wish you a happy and prosperous 2019, full of CentOS! Releases and updates SIG updates Events Contributing to the newsletter Releases and updates December was a very busy month for releases and updates. The following releases a
  • 2. CentOS Blog: CentOS Pulse Newsletter, January 2019 (#1901) vom 916.79 Punkte ic_school_black_18dp
    Dear CentOS enthusiast, We wish you a happy and prosperous 2019, full of CentOS! Releases and updates SIG updates Events Contributing to the newsletter Releases and updates December was a very busy month for releases and updates. The following releases a
  • 3. CentOS Blog: CentOS Pulse Newsletter, January 2019 (#1901) vom 916.79 Punkte ic_school_black_18dp
    Dear CentOS enthusiast, We wish you a happy and prosperous 2019, full of CentOS! Releases and updates SIG updates Events Contributing to the newsletter Releases and updates December was a very busy month for releases and updates. The following releases a
  • 4. .NET Framework May 2019 Security and Quality Rollup vom 620.96 Punkte ic_school_black_18dp
    Today, we are releasing the May 2019 Cumulative Update, Security and Quality Rollup, and Security Only Update. Security CVE-2019-0820 – Denial of Service Vulnerability A denial of service vulnerability exists when .NET Framework and .NET Core improperly process RegEx strings. An attacker who successfully exploi
  • 5. .NET Framework December 2018 Security and Quality Rollup vom 551.26 Punkte ic_school_black_18dp
    Today, we are releasing the December 2018 Security and Quality Rollup. Security CVE-2018-8540 – Windows Remote Code Execution Vulnerability This security update resolves a vulnerability in Microsoft .NET Framework that could allow remote code execution when Microsoft .NET Framework doesn
  • 6. Announcing .NET Core 3 Preview 1 and Open Sourcing Windows Desktop Frameworks vom 544.79 Punkte ic_school_black_18dp
    Today, we are announcing .NET Core 3 Preview 1. It is the first public release of .NET Core 3. We have some exciting new features to share and would love your feedback. You can develop .NET Core 3 applications with Visual Studio 2019 Preview 1, Visual Stu
  • 7. .NET Framework November 2018 Preview of Quality Rollup vom 457.08 Punkte ic_school_black_18dp
    Today, we are releasing the November 2018 Preview of Quality Rollup. Quality and Reliability This release contains the following quality and reliability improvements. CLR Addressed an issue with KB4096417 where we switched to CLR-implemented wri
  • 8. .NET Framework November 2018 Preview of Quality Rollup vom 457.08 Punkte ic_school_black_18dp
    Today, we are releasing the November 2018 Preview of Quality Rollup. Quality and Reliability This release contains the following quality and reliability improvements. CLR Addressed an issue with KB4096417 where we switched to CLR-implemented wri
  • 9. Migrating a Sample WPF App to .NET Core 3 (Part 1) vom 450.34 Punkte ic_school_black_18dp
    Olia recently wrote a post about how to port a WinForms app from .NET Framework to .NET Core. Today, I’d like to follow that up by walking through the steps to migrate a sample WPF app to .NET Core 3. Many of these steps will be familiar from Olia
  • 10. Azure Marketplace new offers – Volume 37 vom 354.55 Punkte ic_school_black_18dp
    We continue to expand the Azure Marketplace ecosystem. For this volume, 163 new offers successfully met the onboarding criteria and went live. See details of the new offers below: Applications Accela Civic Platform and Civic Applications: Accela's fast-t
  • 11. Migrating a Sample WPF App to .NET Core 3 (Part 2) vom 333.08 Punkte ic_school_black_18dp
    In part 1 of this blog series, I began the process of porting a sample WPF app to .NET Core. In that post, I described the .NET Core migration process as having four steps: We previously went through the first two steps – reviewing the app and its depe
  • 12. Azure Marketplace new offers – Volume 38 vom 309.23 Punkte ic_school_black_18dp
    We continue to expand the Azure Marketplace ecosystem. For this volume, 121 new offers successfully met the onboarding criteria and went live. See details of the new offers below: Applications AGIR Segurança Cibernética - Certificação PCI DSS: Obtain