.NET Framework December 2016 Monthly Rollup is Now Available

Today we are releasing a new Security and Quality Rollup and Security Only Update for the .NET Framework. This release resolves a security vulnerability and includes two new quality and reliability improvements. The Security and Quality Rollup is available via Windows Update, Windows Server Update Services and Microsoft Update Catalog. The Security Only Update is available via Windows Server Update Services and Microsoft Update Catalog.

You can read more about the recent changes to how the .NET Framework receives updates on the .NET Framework Monthly Rollups Explained post.

Security

This release resolves a vulnerability in Microsoft .NET 4.6.2 Framework’s Data Provider for SQL Server. A security vulnerability exists in Microsoft .NET Framework 4.6.2 that could allow an attacker to access information that is defended by the Always Encrypted feature. The security update addresses the vulnerability by correcting the way .NET Framework handles the developer-supplied key, and thus properly defends the data. This security update is rated Important for Microsoft .NET Framework 4.6.2. To learn more about the vulnerability, see Microsoft Security Bulletin MS16-155.

Quality and Reliability

Common Language Runtime

When an application uses unaligned block initialization, for example, from managed C++, the code generated on AVX2 hardware has an error. As a result, if the JIT uses a register other than xmm0 for the source, an incorrect encoding will be used. This improvement applies .NET Framework 4.6 and 4.6.1.

Windows Presentation Foundation

A memory leak may occur for certain scenarios when an application includes a D3DImage control. For example, if you started an application, changed both the size and content of the image and then ran the application through Remote Desktop. This improvement applies .NET Framework 4.5.2, 4.6 and 4.6.1.

More Information

Additional information on what is included in each of the rollups along with the applicable operating systems can be found on their associated knowledge base articles, listed below.

Security and Quality Rollup

KB Article .NET Version Operating System
3210142 .NET Frameworks 3.5, 4.5.2, and 4.6 Windows Vista SP2 and Windows Server 2008 SP2
3205402 .NET Frameworks 3.5, 4.5.2, 4.6, 4.6.1, and 4.6.2 Windows 7 and Windows Server 2008 R2
3205403 .NET Frameworks 3.5, 4.5.2, 4.6, 4.6.1, and 4.6.2 Windows Server 2012
3205404 .NET Frameworks 3.5, 4.5.2, 4.6, 4.6.1, and 4.6.2 Windows 8.1 and Windows Server 2012 R2

Security Only Update

KB Article .NET Version Operating System
3205406 .NET Framework 4.6.2 Windows 7 and Windows Server 2008 R2
3205407 .NET Framework 4.6.2 Windows Server 2012
3205410 .NET Framework 4.6.2 Windows 8.1 and Windows Server 2012 R2