Update (2017/04/20): Known issue added for the release.
Today, we are releasing a new Security and Quality Rollup and Security Only Update for the .NET Framework. You can read the April 2017 Security Updates Release Notes to learn about all changes being released today.
A remote code execution vulnerability exists when the Microsoft .NET Framework fails to properly validate input before loading libraries. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. To exploit the vulnerability, an attacker would first need to access the local system with the ability to execute a malicious application. The security update addresses the vulnerability by correcting how .NET validates input on library load.
Note: You can also search for the security update at Security TechCenter. Search for “CVE” 17-0160.
There are no quality and reliability changes this month.
The Security and Quality Rollup is available via Windows Update, Windows Server Update Services and Microsoft Update Catalog. The Security Only Update is available via Windows Server Update Services and Microsoft Update Catalog. The Windows 10 updates are integrated with the Windows 10 Monthly Update, available via Windows Update.
See .NET Framework Deployment tables for detailed deployment information on the release.
See the table below to learn about version applicability and more detailed release-specific information.
|Windows Version||.NET Version||Rollup KB||Security-only KB|
|Windows 10 Creators Update||.NET Framework 3.5 and 4.7||4015583||N/A|
|Windows 10 Anniversary Update and Windows Server 2016||.NET Framework 3.5 and 4.6.2||4015217||N/A|
|Windows 10 1511 Update||.NET Framework 3.5 and 4.6.1||4015219||N/A|
|Windows 10 RTM||.NET Framework 3.5 and 4.6||4015221||N/A|
|Windows 8.1 and Windows Server 2012 R2||.NET Framework 3.5, 4.5.2, 4.6, 4.6.1, and 4.6.2||4014983||4014987|
|Windows Server 2012||.NET Framework 3.5, 4.5.2, 4.6, 4.6.1, and 4.6.2||4014982||4014986|
|Windows 7 and Windows Server 2008 R2||.NET Framework 3.5, 4.5.2, 4.6, 4.6.1, and 4.6.2||4014981||4014985|
|Windows Vista SP2 and Windows Server 2008 SP2||.NET Framework 3.5, 4.5.2, and 4.6||4014984||4014988|
The last couple .NET Framework Rollup updates are listed below for your convenience:
Note: Previously released security and quality updates are included in today’s release.
You can read the .NET Framework Monthly Rollups Explained to learn more about how the .NET Framework is updated.