Updated: January 25, 2018
Today, we are releasing the January 2018 Security and Quality Rollup.
An issue with the January 2018 Monthly Rollup was found on Windows 7 and Windows Server 2008 R2 if .NET Framework 4.7.1 was already installed. It has been resolved. The download links for these Windows versions have been updated in the table below. A fixit tool has also be released to fix affected machines. See .NET Framework January 2018 Rollup Known Issue KB4074906 – “TypeInitializationException” or “FileFormatException” error in WPF applications for more information.
See .NET Framework 4.7.1 is available on Windows Update, WSUS and MU Catalog! for separately available reliability updates for the .NET Framework 4.7.1.
CVE-2018-0786 – A security feature bypass vulnerability exists when Microsoft .NET Framework (and .NET Core) components do not completely validate certificates.
An attacker could present a certificate that is marked invalid for a specific use, but the component uses it for that purpose. This action disregards the Enhanced Key Usage taggings.
The security update addresses the vulnerability by helping to ensure that .NET Framework (and .NET Core) components completely validate certificates.
CVE-2018-0764 – A Denial of Service vulnerability exists when .NET Framework, and .NET core, improperly process XML documents. An attacker who successfully exploited this vulnerability could cause a denial of service against a .NET application. A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to a .NET(or .NET core) application.
The update addresses the vulnerability by correcting how a .NET, and .NET core, applications handles XML document processing.
This release contains no new quality and reliability improvements.
The Security and Quality Rollup is available via Windows Update, Windows Server Update Services, Microsoft Update Catalog, and Docker.
You can get the update via the Microsoft Update Catalog. For Windows 10, .NET Framework updates are part of the Windows 10 Monthly Rollup.
|Product Version||Security and Quality Rollup KB||Security-only Update KB|
|Windows 10 1709 (Fall Creators Update)||Catalog
|.NET Framework 3.5||4056892||N/A|
|.NET Framework 4.7.1||4056892||N/A|
|Windows 10 1703 (Creators Update)||Catalog
|.NET Framework 3.5||4056891||N/A|
|.NET Framework 4.7, 4.7.1||4056891||N/A|
|Windows 10 1607 (Anniversary Update)||Catalog
|.NET Framework 3.5||4056890||N/A|
|.NET Framework 4.6.2, 4.7||4056890||N/A|
|Windows 10 1511||Catalog
|.NET Framework 3.5||4056888||N/A|
|.NET Framework 4.6.1, 4.6.2||4056888||N/A|
|Windows 10 1507||Catalog
|.NET Framework 3.5||4056893||N/A|
|.NET Framework 4.6, 4.6.1, 4.6.2||4056893||N/A|
Windows RT 8.1
Windows Server 2012 R2
|.NET Framework 3.5||4054999||4054177|
|.NET Framework 4.5.2||4054993||4054170|
|.NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1||4055001||4054182|
|Windows Server 2012||Catalog
|.NET Framework 3.5||4054997||4054175|
|.NET Framework 4.5.2||4054994||4054171|
|.NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1||4055000||4054181|
Windows Server 2008 R2
|.NET Framework 3.5.1||4054998||4054176|
|.NET Framework 4.5.2||4054995||4054172|
|.NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1||4074880||4054183|
|Windows Server 2008||Catalog
|.NET Framework 2.0, 3.0||4054996||4054174|
|.NET Framework 4.5.2||4054995||4054172|
|.NET Framework 4.6||4055002||4054183|
An issue has been found in the .NET Framework January 2018 Security and Quality Rollup (KB 4055002), applicable to .NET Framework 4.7.1 installed on either Windows 7 and Windows Server 2008 R2. The .NET team has fixed the issue and re-released the January 2018 Monthly Rollup as KB 4074880.
Docker images have been updated as part of today’s release (actually, a few days ago).
Note: Look at the “Tags” view in each repository to see the updated Docker image tags.
Note: Significant changes have been made with Docker images recently. Please look at .NET Docker Announcements for more information.
The last few .NET Framework Monthly updates are listed below for your convenience:
- November 2017 Security and Quality Rollup
- October 2017 Preview of Quality Rollup
- October 2017 Security and Quality Rollup
- September 2017 Preview of Quality Rollup
- September 2017 Security and Quality Rollup