.NET Framework April 2017 Monthly Rollup

Update (2017/04/20): Known issue added for the release.

Today, we are releasing a new Security and Quality Rollup and Security Only Update for the .NET Framework. You can read the April 2017 Security Updates Release Notes to learn about all changes being released today.

Known issue with the release: “Privilege not held” error with PowerShell “stop-computer” command: Workaround after April 2017 security updates from CVE-2017-0160.

Security

Microsoft Common Vulnerabilities and Exposures CVE17-0160

A remote code execution vulnerability exists when the Microsoft .NET Framework fails to properly validate input before loading libraries. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. To exploit the vulnerability, an attacker would first need to access the local system with the ability to execute a malicious application. The security update addresses the vulnerability by correcting how .NET validates input on library load.

Note: You can also search for the security update at Security TechCenter. Search for “CVE” 17-0160.

Quality and Reliability

There are no quality and reliability changes this month.

Getting the Update

The Security and Quality Rollup is available via Windows Update, Windows Server Update Services and Microsoft Update Catalog. The Security Only Update is available via Windows Server Update Services and Microsoft Update Catalog. The Windows 10 updates are integrated with the Windows 10 Monthly Update, available via Windows Update.

See .NET Framework Deployment tables for detailed deployment information on the release.

See the table below to learn about version applicability and more detailed release-specific information.

Windows Version .NET Version Rollup KB Security-only KB
Windows 10 Creators Update .NET Framework 3.5 and 4.7 4015583 N/A
Windows 10 Anniversary Update and Windows Server 2016 .NET Framework 3.5 and 4.6.2 4015217 N/A
Windows 10 1511 Update .NET Framework 3.5 and 4.6.1 4015219 N/A
Windows 10 RTM .NET Framework 3.5 and 4.6 4015221 N/A
Windows 8.1 and Windows Server 2012 R2 .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, and 4.6.2 4014983 4014987
Windows Server 2012 .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, and 4.6.2 4014982 4014986
Windows 7 and Windows Server 2008 R2 .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, and 4.6.2 4014981 4014985
Windows Vista SP2 and Windows Server 2008 SP2 .NET Framework 3.5, 4.5.2, and 4.6 4014984 4014988

Docker Images

The Windows ServerCoreIIS.NET Framework, and ASP.NET Docker images have been updated to include the Monthly Rollup. Pulling the latest image will update your local Docker image cache.

Previous Monthly Rollups

The last couple .NET Framework Rollup updates are listed below for your convenience:

Note: Previously released security and quality updates are included in today’s release.

More Information

You can read the .NET Framework Monthly Rollups Explained to learn more about how the .NET Framework is updated.