Today, we are releasing the May 2018 Security and Quality Rollup.<\/p>\n
A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard. An attacker who successfully exploited this vulnerability could circumvent a User Mode Code Integrity (UMCI) policy on the machine. To exploit the vulnerability, an attacker would first have to access the local machine, and then run a malicious program. The update addresses the vulnerability by correcting how Windows validates User Mode Code Integrity policies<\/p>\n
CVE-2018-1039<\/a><\/p>\n A Denial of Service vulnerability exists when .NET, and .NET core, improperly process XML documents. An attacker who successfully exploited this vulnerability could cause a denial of service against a .NET application. A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to a .NET(or .NET core) application.<\/p>\n The update addresses the vulnerability by correcting how a .NET, and .NET core, applications handles XML document processing.<\/p>\n CVE-2018-0765<\/a><\/p>\n This release contains the following quality and reliability improvements.<\/p>\n Note: Additional information on these improvements is not available. The VSTS bug number provided with each improvement is a unique ID that you can give Microsoft Customer Support, include in StackOverflow comments or use in web searches.<\/p>\n The Security and Quality Rollup is available via Windows Update, Windows Server Update Services, Microsoft Update Catalog, and Docker.<\/p>\n You can get the update via the Microsoft Update Catalog. For Windows 10, .NET Framework updates are part of the Windows 10 Monthly Rollup.<\/p>\n The following table is for Windows 10 and Windows Server 2016+.<\/p>\n<\/a>CVE-2018-0765 \u2013 .NET and .NET Core Denial Of Service Vulnerability<\/h3>\n
<\/a>Quality and Reliability<\/h2>\n
<\/a>CLR<\/h4>\n
\n
<\/a>Getting the Update<\/h2>\n
<\/a>Microsoft Update Catalog<\/h3>\n