{"id":20825,"date":"2019-01-08T10:59:07","date_gmt":"2019-01-08T18:59:07","guid":{"rendered":"https:\/\/blogs.msdn.microsoft.com\/dotnet\/?p=20825"},"modified":"2019-02-19T18:35:53","modified_gmt":"2019-02-20T01:35:53","slug":"net-framework-january-2019-security-and-quality-rollup","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/dotnet\/net-framework-january-2019-security-and-quality-rollup\/","title":{"rendered":".NET Framework January 2019 Security and Quality Rollup"},"content":{"rendered":"<p>Today, we are releasing the January 2019 Security and Quality Rollup.<\/p>\n<h2><a href=\"#security\" id=\"user-content-security\" class=\"anchor\"><\/a>Security<\/h2>\n<h3><a href=\"#cve-2019-0545--windows-security-feature-bypass-vulnerability\" id=\"user-content-cve-2019-0545--windows-security-feature-bypass-vulnerability\" class=\"anchor\"><\/a>CVE-2019-0545 \u2013 Windows Security Feature Bypass Vulnerability<\/h3>\n<p>This security update resolves a vulnerability in Microsoft .NET Framework that may cause an information disclosure that allows bypassing Cross-origin Resource Sharing (CORS) configurations. An attacker who successfully exploits the vulnerability could retrieve from a web application content that&#8217;s normally restricted. This security update addresses the vulnerability by enforcing CORS configuration to prevent its bypass.<\/p>\n<p><a href=\"https:\/\/github.com\/dotnet\/announcements\/issues\/94\">CVE-2019-0545<\/a><\/p>\n<h2><a href=\"#getting-the-update\" id=\"user-content-getting-the-update\" class=\"anchor\"><\/a>Getting the Update<\/h2>\n<p>The Security and Quality Rollup is available via Windows Update, Windows Server Update Services, Microsoft Update Catalog, and Docker.<\/p>\n<h3><a href=\"#microsoft-update-catalog\" id=\"user-content-microsoft-update-catalog\" class=\"anchor\"><\/a>Microsoft Update Catalog<\/h3>\n<p>You can get the update via the Microsoft Update Catalog. For Windows 10, .NET Framework updates are part of the Windows 10 Monthly Rollup.<\/p>\n<p>The following table is for Windows 10 and Windows Server 2016+ versions.<\/p>\n<table>\n<thead>\n<tr>\n<th>Product Version<\/th>\n<th>Security and Quality Rollup KB<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td><strong>Windows 10 1809 (October 2018 Update)\nWindows Server 2019<\/strong><\/td>\n<td><strong>\n<a href=\"http:\/\/www.catalog.update.microsoft.com\/Search.aspx?q=4480056\" rel=\"nofollow\">Catalog<\/a>\n<a href=\"https:\/\/support.microsoft.com\/kb\/4480056\" rel=\"nofollow\">4480056<\/a><\/strong><\/td>\n<\/tr>\n<tr>\n<td>.NET Framework 3.5, 4.7.2<\/td>\n<td><a href=\"https:\/\/support.microsoft.com\/kb\/4480056\" rel=\"nofollow\">4480056<\/a><\/td>\n<\/tr>\n<tr>\n<td><strong>Windows 10 1803 (April 2018 Update)<\/strong><\/td>\n<td><strong><a href=\"http:\/\/www.catalog.update.microsoft.com\/Search.aspx?q=4480966\" rel=\"nofollow\">Catalog<\/a>\n<a href=\"https:\/\/support.microsoft.com\/kb\/4480966\" rel=\"nofollow\">4480966<\/a><\/strong><\/td>\n<\/tr>\n<tr>\n<td>.NET Framework 3.5, 4.7.2<\/td>\n<td><a href=\"https:\/\/support.microsoft.com\/kb\/4480966\" rel=\"nofollow\">4480966<\/a><\/td>\n<\/tr>\n<tr>\n<td><strong>Windows 10 1709 (Fall Creators Update)<\/strong><\/td>\n<td><strong><a href=\"http:\/\/www.catalog.update.microsoft.com\/Search.aspx?q=4480978\" rel=\"nofollow\">Catalog<\/a>\n<a href=\"https:\/\/support.microsoft.com\/kb\/4480978\" rel=\"nofollow\">4480978<\/a><\/strong><\/td>\n<\/tr>\n<tr>\n<td>.NET Framework 3.5, 4.7.1, 4.7.2<\/td>\n<td><a href=\"https:\/\/support.microsoft.com\/kb\/4480978\" rel=\"nofollow\">4480978<\/a><\/td>\n<\/tr>\n<tr>\n<td><strong>Windows 10 1703 (Creators Update)<\/strong><\/td>\n<td><strong><a href=\"http:\/\/www.catalog.update.microsoft.com\/Search.aspx?q=4480973\" rel=\"nofollow\">Catalog<\/a>\n<a href=\"https:\/\/support.microsoft.com\/kb\/4480973\" rel=\"nofollow\">4480973<\/a><\/strong><\/td>\n<\/tr>\n<tr>\n<td>.NET Framework 3.5, 4.7, 4.7.1, 4.7.2<\/td>\n<td><a href=\"https:\/\/support.microsoft.com\/kb\/4480973\" rel=\"nofollow\">4480973<\/a><\/td>\n<\/tr>\n<tr>\n<td><strong>Windows 10 1607 (Anniversary Update)\nWindows Server 2016<\/strong><\/td>\n<td><strong><a href=\"http:\/\/www.catalog.update.microsoft.com\/Search.aspx?q=4480961\" rel=\"nofollow\">Catalog<\/a>\n<a href=\"https:\/\/support.microsoft.com\/kb\/4480961\" rel=\"nofollow\">4480961<\/a><\/strong><\/td>\n<\/tr>\n<tr>\n<td>.NET Framework 3.5, 4.6.2, 4.7, 4.7.1, 4.7.2&lt;<\/td>\n<td><a href=\"https:\/\/support.microsoft.com\/kb\/4480961\" rel=\"nofollow\">4480961<\/a><\/td>\n<\/tr>\n<tr>\n<td><strong>Windows 10 1507<\/strong><\/td>\n<td><strong><a href=\"http:\/\/www.catalog.update.microsoft.com\/Search.aspx?q=4480962\" rel=\"nofollow\">Catalog<\/a>\n<a href=\"https:\/\/support.microsoft.com\/kb\/4480962\" rel=\"nofollow\">4480962<\/a><\/strong><\/td>\n<\/tr>\n<tr>\n<td>.NET Framework 3.5, 4.6, 4.6.1, 4.6.2&lt;<\/td>\n<td><a href=\"https:\/\/support.microsoft.com\/kb\/4480962\" rel=\"nofollow\">4480962<\/a><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>The following table is for earlier Windows and Windows Server versions.<\/p>\n<p>&nbsp;<\/p>\n<table>\n<thead>\n<tr>\n<th>Product Version<\/th>\n<th>Security and Quality Rollup KB<\/th>\n<th>Security Only Update KB<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td><strong>Windows 8.1\nWindows RT 8.1\nWindows Server 2012 R2<\/strong><\/td>\n<td><strong><a href=\"http:\/\/www.catalog.update.microsoft.com\/Search.aspx?q=4481485\" rel=\"nofollow\">Catalog<\/a>\n<a href=\"https:\/\/support.microsoft.com\/kb\/4481485\" rel=\"nofollow\">4481485<\/a><\/strong><\/td>\n<td><strong><a href=\"http:\/\/www.catalog.update.microsoft.com\/Search.aspx?q=4481484\" rel=\"nofollow\">Catalog<\/a>\n<a href=\"https:\/\/support.microsoft.com\/kb\/4481484\" rel=\"nofollow\">4481484<\/a><\/strong><\/td>\n<\/tr>\n<tr>\n<td>.NET Framework 3.5<\/td>\n<td><a href=\"http:\/\/www.catalog.update.microsoft.com\/Search.aspx?q=4480064\" rel=\"nofollow\">Catalog<\/a>\n<a href=\"https:\/\/support.microsoft.com\/kb\/4480064\" rel=\"nofollow\">4480064<\/a><\/td>\n<td><strong><a href=\"http:\/\/www.catalog.update.microsoft.com\/Search.aspx?q=4480086\" rel=\"nofollow\">Catalog<\/a>\n<a href=\"https:\/\/support.microsoft.com\/kb\/4480086\" rel=\"nofollow\">4480086<\/a><\/strong><\/td>\n<\/tr>\n<tr>\n<td>.NET Framework 4.5.2<\/td>\n<td><a href=\"http:\/\/www.catalog.update.microsoft.com\/Search.aspx?q=4480057\" rel=\"nofollow\">Catalog<\/a>\n<a href=\"https:\/\/support.microsoft.com\/kb\/4480057\" rel=\"nofollow\">4480057<\/a><\/td>\n<td><strong><a href=\"http:\/\/www.catalog.update.microsoft.com\/Search.aspx?q=4480074\" rel=\"nofollow\">Catalog<\/a>\n<a href=\"https:\/\/support.microsoft.com\/kb\/4480074\" rel=\"nofollow\">4480074<\/a><\/strong><\/td>\n<\/tr>\n<tr>\n<td>.NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2<\/td>\n<td><a href=\"http:\/\/www.catalog.update.microsoft.com\/Search.aspx?q=4480054\" rel=\"nofollow\">Catalog<\/a>\n<a href=\"https:\/\/support.microsoft.com\/kb\/4480054\" rel=\"nofollow\">4480054<\/a><\/td>\n<td><strong><a href=\"http:\/\/www.catalog.update.microsoft.com\/Search.aspx?q=4480071\" rel=\"nofollow\">Catalog<\/a>\n<a href=\"https:\/\/support.microsoft.com\/kb\/4480071\" rel=\"nofollow\">4480071<\/a><\/strong><\/td>\n<\/tr>\n<tr>\n<td><strong>Windows Server 2012<\/strong><\/td>\n<td><strong><a href=\"http:\/\/www.catalog.update.microsoft.com\/Search.aspx?q=4481482\" rel=\"nofollow\">Catalog<\/a>\n<a href=\"https:\/\/support.microsoft.com\/kb\/4481482\" rel=\"nofollow\">4481482<\/a><\/strong><\/td>\n<td><strong><a href=\"http:\/\/www.catalog.update.microsoft.com\/Search.aspx?q=4481483\" rel=\"nofollow\">Catalog<\/a>\n<a href=\"https:\/\/support.microsoft.com\/kb\/4481483\" rel=\"nofollow\">4481483<\/a><\/strong><\/td>\n<\/tr>\n<tr>\n<td>.NET Framework 3.5<\/td>\n<td><a href=\"http:\/\/www.catalog.update.microsoft.com\/Search.aspx?q=4480061\" rel=\"nofollow\">Catalog<\/a>\n<a href=\"https:\/\/support.microsoft.com\/kb\/4480061\" rel=\"nofollow\">4480061<\/a><\/td>\n<td><strong><a href=\"http:\/\/www.catalog.update.microsoft.com\/Search.aspx?q=4480083\" rel=\"nofollow\">Catalog<\/a>\n<a href=\"https:\/\/support.microsoft.com\/kb\/4480083\" rel=\"nofollow\">4480083<\/a><\/strong><\/td>\n<\/tr>\n<tr>\n<td>.NET Framework 4.5.2<\/td>\n<td><a href=\"http:\/\/www.catalog.update.microsoft.com\/Search.aspx?q=4480058\" rel=\"nofollow\">Catalog<\/a>\n<a href=\"https:\/\/support.microsoft.com\/kb\/4480058\" rel=\"nofollow\">4480058<\/a><\/td>\n<td><strong><a href=\"http:\/\/www.catalog.update.microsoft.com\/Search.aspx?q=4480075\" rel=\"nofollow\">Catalog<\/a>\n<a href=\"https:\/\/support.microsoft.com\/kb\/4480075\" rel=\"nofollow\">4480075<\/a><\/strong><\/td>\n<\/tr>\n<tr>\n<td>.NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2<\/td>\n<td><a href=\"http:\/\/www.catalog.update.microsoft.com\/Search.aspx?q=4480051\" rel=\"nofollow\">Catalog<\/a>\n<a href=\"https:\/\/support.microsoft.com\/kb\/4480051\" rel=\"nofollow\">4480051<\/a><\/td>\n<td><strong>\n<a href=\"http:\/\/www.catalog.update.microsoft.com\/Search.aspx?q=4480070\" rel=\"nofollow\">Catalog<\/a>\n<a href=\"https:\/\/support.microsoft.com\/kb\/4480070\" rel=\"nofollow\">4480070<\/a><\/strong><\/td>\n<\/tr>\n<tr>\n<td><strong>Windows 7 SP1\nWindows Server 2008 R2 SP1<\/strong><\/td>\n<td><strong><a href=\"http:\/\/www.catalog.update.microsoft.com\/Search.aspx?q=4481480\" rel=\"nofollow\">Catalog<\/a>\n<a href=\"https:\/\/support.microsoft.com\/kb\/4481480\" rel=\"nofollow\">4481480<\/a><\/strong><\/td>\n<td><strong><a href=\"http:\/\/www.catalog.update.microsoft.com\/Search.aspx?q=4481481\" rel=\"nofollow\">Catalog<\/a>\n<a href=\"https:\/\/support.microsoft.com\/kb\/4481481\" rel=\"nofollow\">4481481<\/a><\/strong><\/td>\n<\/tr>\n<tr>\n<td>.NET Framework 3.5.1<\/td>\n<td><a href=\"http:\/\/www.catalog.update.microsoft.com\/Search.aspx?q=4480063\" rel=\"nofollow\">Catalog<\/a>\n<a href=\"https:\/\/support.microsoft.com\/kb\/4480063\" rel=\"nofollow\">4480063<\/a><\/td>\n<td><strong><a href=\"http:\/\/www.catalog.update.microsoft.com\/Search.aspx?q=4480085\" rel=\"nofollow\">Catalog<\/a>\n<a href=\"https:\/\/support.microsoft.com\/kb\/4480085\" rel=\"nofollow\">4480085<\/a><\/strong><\/td>\n<\/tr>\n<tr>\n<td>.NET Framework 4.5.2<\/td>\n<td><a href=\"http:\/\/www.catalog.update.microsoft.com\/Search.aspx?q=4480059\" rel=\"nofollow\">Catalog<\/a>\n<a href=\"https:\/\/support.microsoft.com\/kb\/4480059\" rel=\"nofollow\">4480059<\/a><\/td>\n<td><strong><a href=\"http:\/\/www.catalog.update.microsoft.com\/Search.aspx?q=4480076\" rel=\"nofollow\">Catalog<\/a>\n<a href=\"https:\/\/support.microsoft.com\/kb\/4480076\" rel=\"nofollow\">4480076<\/a><\/strong><\/td>\n<\/tr>\n<tr>\n<td>.NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2<\/td>\n<td><a href=\"http:\/\/www.catalog.update.microsoft.com\/Search.aspx?q=4480055\" rel=\"nofollow\">Catalog<\/a>\n<a href=\"https:\/\/support.microsoft.com\/kb\/4480055\" rel=\"nofollow\">4480055<\/a><\/td>\n<td><strong><a href=\"http:\/\/www.catalog.update.microsoft.com\/Search.aspx?q=4480072\" rel=\"nofollow\">Catalog<\/a>\n<a href=\"https:\/\/support.microsoft.com\/kb\/4480072\" rel=\"nofollow\">4480072<\/a><\/strong><\/td>\n<\/tr>\n<tr>\n<td><strong>Windows Server 2008<\/strong><\/td>\n<td><strong><a href=\"http:\/\/www.catalog.update.microsoft.com\/Search.aspx?q=4481486\" rel=\"nofollow\">Catalog<\/a>\n<a href=\"https:\/\/support.microsoft.com\/kb\/4481486\" rel=\"nofollow\">4481486<\/a><\/strong><\/td>\n<td><strong><a href=\"http:\/\/www.catalog.update.microsoft.com\/Search.aspx?q=4481487\" rel=\"nofollow\">Catalog<\/a>\n<a href=\"https:\/\/support.microsoft.com\/kb\/4481487\" rel=\"nofollow\">4481487<\/a><\/strong><\/td>\n<\/tr>\n<tr>\n<td>.NET Framework 2.0, 3.0<\/td>\n<td><a href=\"http:\/\/www.catalog.update.microsoft.com\/Search.aspx?q=4480062\" rel=\"nofollow\">Catalog<\/a>\n<a href=\"https:\/\/support.microsoft.com\/kb\/4480062\" rel=\"nofollow\">4480062<\/a><\/td>\n<td><strong><a href=\"http:\/\/www.catalog.update.microsoft.com\/Search.aspx?q=4480084\" rel=\"nofollow\">Catalog<\/a>\n<a href=\"https:\/\/support.microsoft.com\/kb\/4480084\" rel=\"nofollow\">4480084<\/a><\/strong><\/td>\n<\/tr>\n<tr>\n<td>.NET Framework 4.5.2<\/td>\n<td><a href=\"http:\/\/www.catalog.update.microsoft.com\/Search.aspx?q=4480059\" rel=\"nofollow\">Catalog<\/a>\n<a href=\"https:\/\/support.microsoft.com\/kb\/4480059\" rel=\"nofollow\">4480059<\/a><\/td>\n<td><strong><a href=\"http:\/\/www.catalog.update.microsoft.com\/Search.aspx?q=4480076\" rel=\"nofollow\">Catalog<\/a>\n<a href=\"https:\/\/support.microsoft.com\/kb\/4480076\" rel=\"nofollow\">4480076<\/a><\/strong><\/td>\n<\/tr>\n<tr>\n<td>.NET Framework 4.6<\/td>\n<td><a href=\"http:\/\/www.catalog.update.microsoft.com\/Search.aspx?q=4480055\" rel=\"nofollow\">Catalog<\/a>\n<a href=\"https:\/\/support.microsoft.com\/kb\/4480055\" rel=\"nofollow\">4480055<\/a><\/td>\n<td><strong><a href=\"http:\/\/www.catalog.update.microsoft.com\/Search.aspx?q=4480072\" rel=\"nofollow\">Catalog<\/a>\n<a href=\"https:\/\/support.microsoft.com\/kb\/4480072\" rel=\"nofollow\">4480072<\/a><\/strong><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h3><a href=\"#docker-images\" id=\"user-content-docker-images\" class=\"anchor\"><\/a>Docker Images<\/h3>\n<p>We are updating the following .NET Framework Docker images for today&#8217;s release:<\/p>\n<ul>\n<li><a href=\"https:\/\/hub.docker.com\/r\/microsoft\/aspnet\/\" rel=\"nofollow\">microsoft\/aspnet<\/a><\/li>\n<li><a href=\"https:\/\/hub.docker.com\/r\/microsoft\/dotnet-framework\/\" rel=\"nofollow\">microsoft\/dotnet-framework<\/a><\/li>\n<li><a href=\"https:\/\/hub.docker.com\/r\/microsoft\/dotnet-framework-samples\/\" rel=\"nofollow\">microsoft\/dotnet-framework-samples<\/a><\/li>\n<\/ul>\n<p>Note: Look at the &#8220;Tags&#8221; view in each repository to see the updated Docker image tags.<\/p>\n<p>Note: Significant changes have been made with Docker images recently. Please look at <a href=\"https:\/\/github.com\/dotnet\/announcements\/labels\/Docker\">.NET Docker Announcements<\/a> for more information.<\/p>\n<h3><a href=\"#previous-monthly-rollups\" id=\"user-content-previous-monthly-rollups\" class=\"anchor\"><\/a>Previous Monthly Rollups<\/h3>\n<p>The last few .NET Framework Monthly updates are listed below for your convenience:<\/p>\n<ul>\n<li><a href=\"https:\/\/blogs.msdn.microsoft.com\/dotnet\/2018\/12\/11\/net-framework-december-2018-security-and-quality-rollup\/\" rel=\"nofollow\">December 2018 Security and Quality Rollup<\/a><\/li>\n<li><a href=\"https:\/\/blogs.msdn.microsoft.com\/dotnet\/2018\/12\/05\/net-framework-december-4-2018-preview-of-cumulative-update-for-windows-10-version-1809-and-windows-server-2019\/\" rel=\"nofollow\">November 2018 Preview of Cumulative Update for Windows 10 version 1809 and Windows Server 2019<\/a><\/li>\n<li><a href=\"https:\/\/blogs.msdn.microsoft.com\/dotnet\/2018\/11\/27\/net-framework-november-2018-preview-of-quality-rollup\/\" rel=\"nofollow\">November 2018 Preview of Quality Rollup<\/a><\/li>\n<li><a href=\"https:\/\/blogs.msdn.microsoft.com\/dotnet\/2018\/11\/13\/net-framework-november-2018-security-and-quality-rollup\/\" rel=\"nofollow\">November 2018 Security and Quality Rollup<\/a><\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Today, we are releasing the January 2019 Security and Quality Rollup. Security CVE-2019-0545 \u2013 Windows Security Feature Bypass Vulnerability This security update resolves a vulnerability in Microsoft .NET Framework that may cause an information disclosure that allows bypassing Cross-origin Resource Sharing (CORS) configurations. An attacker who successfully exploits the vulnerability could retrieve from a web [&hellip;]<\/p>\n","protected":false},"author":369,"featured_media":21751,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[195,326],"tags":[11,123],"class_list":["post-20825","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-dotnet-framework","category-security","tag-net-framework","tag-security"],"acf":[],"blog_post_summary":"<p>Today, we are releasing the January 2019 Security and Quality Rollup. Security CVE-2019-0545 \u2013 Windows Security Feature Bypass Vulnerability This security update resolves a vulnerability in Microsoft .NET Framework that may cause an information disclosure that allows bypassing Cross-origin Resource Sharing (CORS) configurations. An attacker who successfully exploits the vulnerability could retrieve from a web [&hellip;]<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/posts\/20825","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/users\/369"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/comments?post=20825"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/posts\/20825\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/media\/21751"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/media?parent=20825"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/categories?post=20825"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/tags?post=20825"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}