.NET Framework September 2018 Security and Quality Rollup

Tara

September 11th, 2018

Updated: September 21, 2018

SharePoint workflows may stop working after installing this update. See SharePoint workflows stop working after you install .NET security updates for CVE-2018-8421 for further guidance.

Today, we are releasing the September 2018 Security and Quality Rollup.

Security

CVE-2018-8421 – Windows Remote Code Execution Vulnerability

This security update resolves a vulnerability in Microsoft .NET Framework that could allow remote code execution when .NET Framework processes untrusted input. An attacker who successfully exploits this vulnerability in software by using .NET Framework could take control of an affected system. The attacker could then install programs; view, change, or delete data; or create new accounts that have full user rights. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights.

To exploit the vulnerability, an attacker would first have to convince the user to open a malicious document or application. This security update addresses the vulnerability by correcting how .NET Framework validates untrusted input.

CVE-2018-8421

Getting the Update

The Security and Quality Rollup is available via Windows Update, Windows Server Update Services, Microsoft Update Catalog, and Docker.

Microsoft Update Catalog

You can get the update via the Microsoft Update Catalog. For Windows 10, .NET Framework updates are part of the Windows 10 Monthly Rollup.

The following table is for Windows 10 and Windows Server 2016+.

Product Version Security and Quality Rollup KB Windows 10 1803 (April 2018 Update) Catalog 4457128 .NET Framework 3.5 4457128 .NET Framework 4.7.2 4457128 Windows 10 1709 (Fall Creators Update) Catalog 4457142 .NET Framework 3.5 4457142 .NET Framework 4.7.1, 4.7.2 4457142 Windows 10 1703 (Creators Update) Catalog 4457138 .NET Framework 3.5 4457138 .NET Framework 4.7, 4.7.1, 4.7.2 4457138 Windows 10 1607 (Anniversary Update) Windows Server 2016 Catalog 4457131 .NET Framework 3.5 4457131 .NET Framework 4.6.2, 4.7, 4.7.1, 4.7.2 4457131 Windows 10 1507 Catalog 4457132 .NET Framework 3.5 4457132 .NET Framework 4.6, 4.6.1, 4.6.2 4457132

The following table is for earlier Windows and Windows Server versions.

Product Version Security and Quality Rollup KB Security Only Update KB Windows 8.1 Windows RT 8.1 Windows Server 2012 R2 Catalog 4457920 Catalog 4457916 .NET Framework 3.5 4457045 4457056 .NET Framework 4.5.2 4457036 4457028 .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 4457034 4457026 Windows Server 2012 Catalog 4457919 Catalog 4457915 .NET Framework 3.5 4457042 4457053 .NET Framework 4.5.2 4457037 4457029 .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 4457033 4457025 Windows 7 Windows Server 2008 R2 Catalog 4457918 Catalog 4457914 .NET Framework 3.5.1 4457044 4457055 .NET Framework 4.5.2 4457038 4457030 .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 4457035 4457027 Windows Server 2008 Catalog 4457921 Catalog 4457917 .NET Framework 2.0, 3.0 4457043 4457054 .NET Framework 4.5.2 4457038 4457030 .NET Framework 4.6 4457035 4457027

Docker Images

We are updating the following .NET Framework Docker images for today’s release:

Note: Look at the “Tags” view in each repository to see the updated Docker image tags.

Previous Monthly Rollups

The last few .NET Framework Monthly updates are listed below for your convenience: