{"id":13435,"date":"2017-07-11T22:10:37","date_gmt":"2017-07-12T05:10:37","guid":{"rendered":"https:\/\/blogs.msdn.microsoft.com\/dotnet\/?p=13435"},"modified":"2021-09-29T16:44:56","modified_gmt":"2021-09-29T23:44:56","slug":"net-framework-july-2017-security-and-quality-rollup","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/dotnet\/net-framework-july-2017-security-and-quality-rollup\/","title":{"rendered":".NET Framework July 2017 Security and Quality Rollup"},"content":{"rendered":"

Today, we are releasing a new Security and Quality Rollup and Security Only Update for the .NET Framework. Today’s update applies to Windows 10 and Windows Server 2016.<\/p>\n

<\/a>Security<\/h2>\n

Microsoft Common Vulnerabilities and Exposures CVE-2017-8585<\/strong><\/p>\n

A denial of service vulnerability exists when Microsoft Common Object Runtime Library improperly handles web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against a .NET web application.<\/p>\n

A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to the .NET application.<\/p>\n

The update addresses the vulnerability by correcting how the .NET web application handles web requests.<\/p>\n

More info: Microsoft Common Vulnerabilities and Exposures CVE-2017-0248<\/a>.<\/p>\n

<\/a>Quality and Reliability<\/h2>\n

There are no quality and reliability changes this month.<\/p>\n

<\/a>Getting the Update<\/h2>\n

The Security and Quality Rollup is available via Windows Update, Windows Server Update Services and Microsoft Update Catalog. The Security Only Update is not available for Windows 10. The updates for Windows 10<\/a> are integrated with the Windows 10 Monthly Update<\/a>.<\/p>\n

You can learn more about the releases from the table below.<\/p>\n\n\n\n\n\n\n\n\n
Windows Version<\/th>\n.NET Version<\/th>\nRollup KB<\/th>\nSecurity-only KB<\/th>\n<\/tr>\n<\/thead>\n
Windows 10 Update 1703 (Creators Update)<\/td>\n.NET Framework 3.5 and 4.7<\/td>\n4025342<\/a><\/td>\nN\/A<\/td>\n<\/tr>\n
Windows 10 Update 1607 (Anniversary Update)\nWindows Server 2016<\/td>\n.NET Framework 3.5, 4.6.2 and 4.7<\/td>\n4025339<\/a><\/td>\nN\/A<\/td>\n<\/tr>\n
Windows 10 Update 1511<\/td>\n.NET Framework 3.5 and 4.6.1<\/td>\n4025344<\/a><\/td>\nN\/A<\/td>\n<\/tr>\n
Windows 10 Update 1507<\/td>\n.NET Framework 3.5 and 4.6<\/td>\n4025338<\/a><\/td>\nN\/A<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

<\/a>Docker Images<\/h3>\n

The following Docker images have been updated with today’s release.<\/p>\n

You must explicitly re-pull images to update your local Docker image cache, for example with docker pull microsoft\/dotnet-framework:4.7<\/code>. The Docker client does not pull updated base images automatically.<\/p>\n

<\/a>.NET Framework<\/h4>\n

The .NET Framework Docker images have been updated to include the .NET Framework July Security and Quality Rollup and have been rebased on top of the latest microsoft\/windowsservercore<\/a> base image (released today).<\/p>\n