Updated: January 22, 2018
Today, we are releasing the January 2018 Security and Quality Rollup.
An issue with the January 2018 Monthly Rollup was found on Windows 7 and Windows Server 2008 R2 if .NET Framework 4.7.1 was already installed. It has been resolved. The download links for these Windows versions have been updated in the table below. See .NET Framework January 2018 Rollup Known Issue KB4074906 – “TypeInitializationException” or “FileFormatException” error in WPF applications for more information for more information.
See .NET Framework 4.7.1 is available on Windows Update, WSUS and MU Catalog! for separately available reliability updates for the .NET Framework 4.7.1.
CVE-2018-0786 – A security feature bypass vulnerability exists when Microsoft .NET Framework (and .NET Core) components do not completely validate certificates.
An attacker could present a certificate that is marked invalid for a specific use, but the component uses it for that purpose. This action disregards the Enhanced Key Usage taggings.
The security update addresses the vulnerability by helping to ensure that .NET Framework (and .NET Core) components completely validate certificates.
CVE-2018-0764 – A Denial of Service vulnerability exists when .NET Framework, and .NET core, improperly process XML documents. An attacker who successfully exploited this vulnerability could cause a denial of service against a .NET application. A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to a .NET(or .NET core) application.
The update addresses the vulnerability by correcting how a .NET, and .NET core, applications handles XML document processing.
This release contains no new quality and reliability improvements.
The Security and Quality Rollup is available via Windows Update, Windows Server Update Services, Microsoft Update Catalog, and Docker.
You can get the update via the Microsoft Update Catalog. For Windows 10, .NET Framework updates are part of the Windows 10 Monthly Rollup.
|Product Version||Security and Quality Rollup KB||Security Rollup KB|
|Windows 10 1709 (Fall Creators Update)||Catalog
|.NET Framework 3.5||4056892||N/A|
|.NET Framework 4.7.1||4056892||N/A|
|Windows 10 1703 (Creators Update)||Catalog
|.NET Framework 3.5||4056891||N/A|
|.NET Framework 4.7, 4.7.1||4056891||N/A|
|Windows 10 1607 (Anniversary Update)||Catalog
|.NET Framework 3.5||4056890||N/A|
|.NET Framework 4.6.2, 4.7||4056890||N/A|
|Windows 10 1511||Catalog
|.NET Framework 3.5||4056888||N/A|
|.NET Framework 4.6.1, 4.6.2||4056888||N/A|
|Windows 10 1507||Catalog
|.NET Framework 3.5||4056893||N/A|
|.NET Framework 4.6, 4.6.1, 4.6.2||4056893||N/A|
Windows RT 8.1
Windows Server 2012 R2
|.NET Framework 3.5||4054999||4054177|
|.NET Framework 4.5.2||4054993||4054170|
|.NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1||4055001||4054182|
|Windows Server 2012||Catalog
|.NET Framework 3.5||4054997||4054175|
|.NET Framework 4.5.2||4054994||4054171|
|.NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1||4055000||4054181|
Windows Server 2008 R2
|.NET Framework 3.5.1||4054998||4054176|
|.NET Framework 4.5.2||4054995||4054172|
|.NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1||4074880||4054183|
|Windows Server 2008||Catalog
|.NET Framework 2.0, 3.0||4054996||4054174|
|.NET Framework 4.5.2||4054995||4054172|
|.NET Framework 4.6||4055002||4054183|
An issue has been found in the .NET Framework January 2018 Security and Quality Rollup (KB 4055002), applicable to .NET Framework 4.7.1 installed on either Windows 7 and Windows Server 2008 R2. The .NET team has fixed the issue and re-released the January 2018 Monthly Rollup as KB 4074880.
Microsoft has released a Fixit tool for KB4074906. It replaces the corrupted font file with the correct version.
- Close any open running applications, particularly if you know that they use the .NET Framework.
- Download and execute Fixit tool for KB4074906 from an Administrator command prompt (will prompt for Administrator permissions otherwise).
- Re-launch your .NET Framework application(s) and note that the issue has been resolved.
- The Fixit tool is only meant to be used on affected systems. It will only complete the repair work on systems that match the applicability and symptoms described above.
- If you are running the tool programmatically and/or want to check for success status via tool return codes, launch the tool as a new process and wait for it to terminate (e.g. “start /wait FixItTool-KB4074906.exe”). Depending on your systems management environment this may happen by default.
You can use the following commands to run the tool and determine the return code.
C:\KB4074906>start /wait FixItTool-KB4074906.exe C:\KB4074906>echo %errorlevel%
The follow table lists the error codes that the tool outputs:
|File in Use||33|
Docker ImagesSee .NET Framework January 2018 Rollup Known Issue KB4074906 – “TypeInitializationException” or “FileFormatException” error in WPF applications for more information.
Docker images have been updated as part of today’s release (actually, a few days ago).
Note: Look at the “Tags” view in each repository to see the updated Docker image tags.
Note: Significant changes have been made with Docker images recently. Please look at .NET Docker Announcements for more information.
The last few .NET Framework Monthly updates are listed below for your convenience:
- November 2017 Security and Quality Rollup
- October 2017 Preview of Quality Rollup
- October 2017 Security and Quality Rollup
- September 2017 Preview of Quality Rollup
- September 2017 Security and Quality Rollup