February 12, 2019 - KB4483452 Cumulative Update for .NET Framework 3.5 and 4.7.2 for Windows 10, version 1809 and Windows Server 2019

Applies to: .NET Framework

---

Improvements and fixes

This security update resolves vulnerabilities in Microsoft .NET Framework that could allow the following:

• A Remote Code Execution vulnerability in .NET Framework software if the software does not check the source markup of a file. An attacker who successfully exploits the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on by using administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts that have full user rights. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who have administrative user rights.
  
  Exploitation of the vulnerability requires a user to open a specially crafted file that has an affected version of .NET Framework. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user, and convincing the user to open the file.
  
  This security update addresses the vulnerability by correcting how .NET Framework checks the source markup of a file.
  
  To learn more about this vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2019-0613.
• A vulnerability in certain .NET Framework APIs that parse URLs. An attacker who successfully exploits this vulnerability could use it to bypass security logic intended to make sure that a user-provided URL belonged to a specific host name or a subdomain of that host name. This could be used to cause privileged communication to be made to an untrusted service as if that service were trusted.
  To exploit the vulnerability, an attacker must provide a URL string to an application that tries to verify that the URL belongs to a specific host name or to a subdomain of that host name. The application must then make an HTTP request to the attacker-provided URL either directly or by sending a processed version of the attacker-provided URL to a web browser.
  
  To learn more about this vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2019-0657.

Known issues in this update

Microsoft is not currently aware of any issues in this update.

How to get this update

Install this update

To download and install this update, go to Settings > Update & Security > Windows Update and select Check for updates.

This update will be downloaded and installed automatically from Windows Update. To get the standalone package for this update, go to the Microsoft Update Catalog website.

File information

For a list of the files that are provided in this update, download the file information for cumulative update 4483452 for x64 and the file information for cumulative update 4483452 for x86.

Source: https://support.microsoft.com/en-us/...2019-kb4483452

See also: .NET Framework February 2019 Security and Quality Rollup | .NET Blog


Direct download links for KB4483452 MSU file from Microsoft Update Catalog:

Download KB4483452 MSU for Cumulative Update for .NET Framework 3.5 and 4.7.2 for Windows 10 v1809 32-bit (x86) - 32.0 MB

Download KB4483452 MSU for Cumulative Update for .NET Framework 3.5 and 4.7.2 for Windows 10 v1809 64-bit (x64) - 61.7 MB

Download KB4483452 MSU for Cumulative Update for .NET Framework 3.5 and 4.7.2 for Windows Server 2019 64-bit (x64) - 61.7 MB

   Tip

How to Find Windows 10 Version Number

How to Find Windows 10 Build Number

Posted By: Brink
12 Feb 2019