Description of the Security Only update for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, and 4.7.1 for Windows Server 2012 (KB 4096235)

Summary

This update resolves a vulnerability in Microsoft .NET Framework that could cause denial of service when .NET Framework and .NET core components process XML documents incorrectly. An attacker who has successfully exploited this vulnerability could cause a denial of service against a .NET Framework application. To learn more about this vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2018-0765.Additionally, this update resolves a security feature bypass vulnerability in Windows that could allow an attacker to bypass Device Guard. An attacker who successfully exploits this vulnerability could circumvent a User Mode Code Integrity (UMCI) policy on the computer. To learn more about this vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2018-1039. Important

• All updates for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, and 4.7.1 require the d3dcompiler_47.dll to be installed. We recommend that you install the included d3dcompiler_47.dll before you apply this update. For more information about the d3dcompiler_47.dll, see KB 4019990.
• If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. For more information, see Add language packs to Windows.

Quality and reliability improvements

CLR1|

• Fixed a floating-point overflow in the thread pool’s hill climbing algorithm.
• When you observe high CPU usage by ntoskrnl!KiPageFault that originates from BGC (as indicated by theclr!gc_heap::bgc_thread_function), you might want this change so that the GC no longer uses the OS-implementedGetWriteWatchfunction to track BGC heap modifications. That process is very expensive because each of these page faults must take a process-wide lock. This is especially noticeable in the recent versions of the OS. You are probably seeing that most of the CPU is spent in thentoskrnl!ExpWaitForSpinLockExclusiveAndAcquirefunction. This fix makes GC use CLR’s own implementation of theGetWriteWatch* function instead.
  —|—
  1 Common Language Runtime (CLR)

Additional information about this security update

For more information about this security update as it relates to Windows Server 2012, see the following article in the Microsoft Knowledge Base:4099638 Security Only update for .NET Framework 3.5 SP1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, and 4.7.1 updates for Windows Server 2012 (KB 4099638)

How to obtain and install the update

Method 1: Microsoft Update Catalog

To get the stand-alone package for this update, go to the Microsoft Update Catalog.

Method 2: Windows Software Update Services (WSUS)

On your WSUS server, follow these steps:

1. Click Start, clickAdministrative Tools, and then clickMicrosoft Windows Server Update Services 3.0.
2. Expand ComputerName, and then clickAction.
3. Click Import Updates.
4. WSUS opens a browser window in which you may be prompted to install an ActiveX control. You must install the ActiveX control to continue.
5. After the control is installed, you see the Microsoft Update Catalog screen. Enter4099638into theSearchbox, and then clickSearch.
6. Locate the .NET Framework packages that match the operating systems, languages, and processors in your environment. Click Add to add them to your basket.
7. After you select all the packages that you need, click View Basket.
8. To import the packages to your WSUS server, click Import.
9. After the packages are imported, click Close to return to WSUS.
   The updates are now available for installation through WSUS.

Update deployment information

For deployment details for this security update, go to the following article in the Microsoft Knowledge Base:20180508 Security update deployment information: May 8, 2018

Update removal information

Note We do not recommend that you remove any security update. To remove this update, use thePrograms and Features item in Control Panel.

Update restart information

This update does not require a system restart after you apply it unless files that are being updated are locked or are being used.

Update replacement information

This update does not replace any previously released update.
File information
The English (United States) version of this software update installs files that have the attributes that are listed in the following tables. The dates and the times for these files are listed in Coordinated Universal Time (UTC). The dates and the times for these files on your local computer are displayed in your local time together with your current daylight saving time (DST) bias. Additionally, the dates and the times may change when you perform certain operations on the files.

Windows Server 2012 file information

**Note:**The MANIFEST files (.manifest) and MUM files (.mum) that are installed are not listed.

File information

File hash information

File name	SHA1 hash	SHA256 hash
Windows8-RT-KB4096235-x64.msu	1E96B82B4687DAEE451834C45FFA8276138A8905	65759AB87AE8A761271F9E1D42CDF564A51BC04AD841A035D8985E149B0B46E5
Windows8-RT-KB4096235-x86.msu	28FDC2CE844F6D3396CB60BCF9349587FC8F1396	F2545F04738E60BF4E36EEEB157265FD4EEE72ED9E55CE4C0DF93766BDD36381

For all supported x64-based versions

File name	File version	File size	Date	Time
mscorlib.dll	4.7.2650.0	5,413,520	21-Mar-2018	04:40
normidna.nlp		59,342	19-Oct-2017	03:38
normnfc.nlp		47,076	19-Oct-2017	03:38
normnfd.nlp		40,566	19-Oct-2017	03:38
normnfkc.nlp		67,808	19-Oct-2017	03:38
normnfkd.nlp		61,718	19-Oct-2017	03:38
clrjit.dll	4.7.2650.0	1,208,456	21-Mar-2018	04:40
clr.dll	4.7.2650.0	10,361,472	21-Mar-2018	04:40
compatjit.dll	4.7.2650.0	1,259,664	21-Mar-2018	04:40
mscordacwks.dll	4.7.2650.0	1,838,240	21-Mar-2018	04:40
mscordbi.dll	4.7.2650.0	1,621,136	21-Mar-2018	04:40
msvcp120_clr0400.dll	12.0.52519.0	690,008	26-Mar-2018	17:19
msvcr120_clr0400.dll	12.0.52519.0	993,632	26-Mar-2018	17:19
peverify.dll	4.7.2650.0	260,240	21-Mar-2018	04:40
sos.dll	4.7.2650.0	872,056	21-Mar-2018	04:40
system.security.dll	4.7.2650.0	324,696	21-Mar-2018	04:49
system.security.dll	4.7.2650.0	324,696	21-Mar-2018	04:49
mscorlib.dll	4.7.2650.0	5,631,624	21-Mar-2018	04:49
normidna.nlp		59,342	19-Oct-2017	03:38
normnfc.nlp		47,076	19-Oct-2017	03:38
normnfd.nlp		40,566	19-Oct-2017	03:38
normnfkc.nlp		67,808	19-Oct-2017	03:38
normnfkd.nlp		61,718	19-Oct-2017	03:38
clrjit.dll	4.7.2650.0	522,888	21-Mar-2018	04:49
clr.dll	4.7.2650.0	7,240,320	21-Mar-2018	04:49
mscordacwks.dll	4.7.2650.0	1,341,088	21-Mar-2018	04:49
mscordbi.dll	4.7.2650.0	1,167,504	21-Mar-2018	04:49
msvcp120_clr0400.dll	12.0.52519.0	485,576	26-Mar-2018	17:19
msvcr120_clr0400.dll	12.0.52519.0	987,840	26-Mar-2018	17:19
peverify.dll	4.7.2650.0	188,560	21-Mar-2018	04:49
sos.dll	4.7.2650.0	743,544	21-Mar-2018	04:49

For all supported x86-based versions

File name	File version	File size	Date	Time
system.security.dll	4.7.2650.0	324,696	21-Mar-2018	04:49
mscorlib.dll	4.7.2650.0	5,631,624	21-Mar-2018	04:49
normidna.nlp		59,342	19-Oct-2017	03:38
normnfc.nlp		47,076	19-Oct-2017	03:38
normnfd.nlp		40,566	19-Oct-2017	03:38
normnfkc.nlp		67,808	19-Oct-2017	03:38
normnfkd.nlp		61,718	19-Oct-2017	03:38
clrjit.dll	4.7.2650.0	522,888	21-Mar-2018	04:49
clr.dll	4.7.2650.0	7,240,320	21-Mar-2018	04:49
mscordacwks.dll	4.7.2650.0	1,341,088	21-Mar-2018	04:49
mscordbi.dll	4.7.2650.0	1,167,504	21-Mar-2018	04:49
msvcp120_clr0400.dll	12.0.52519.0	485,576	26-Mar-2018	17:19
msvcr120_clr0400.dll	12.0.52519.0	987,840	26-Mar-2018	17:19
peverify.dll	4.7.2650.0	188,560	21-Mar-2018	04:49
sos.dll	4.7.2650.0	743,544	21-Mar-2018	04:49

How to obtain help and support for this security update

• Help for installing updates: Windows Update FAQ
• Security solutions for IT professionals: TechNet Security Support and Troubleshooting
• Help for protecting your Windows-based products and services from viruses and malware: Microsoft Secure
• Local support according to your country: International Support