Lucene search

MicrosoftKB4344165

HistoryAug 14, 2018 - 7:00 a.m.

Description of the Security Only update for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, and 4.7.2 for Windows Server 2012 (KB 4344165)

2018-08-1407:00:00

Microsoft

support.microsoft.com

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8 High

AI Score

Confidence

High

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.027 Low

EPSS

Percentile

90.3%

JSON

Description of the Security Only update for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, and 4.7.2 for Windows Server 2012 (KB 4344165)

Summary

This security update resolves an information disclosure vulnerability in Microsoft .NET Framework that could allow an attacker to access information in multi-tenant environments. The vulnerability is caused when .NET Framework is used in high-load/high-density network connections in which content from one stream can blend into another stream.To exploit the vulnerability, an attacker who can access one tenant in a high-load/high-density environment could potentially trigger multi-tenanted data exposure from one customer to another.This security update addresses the vulnerability by correcting the way that .NET Framework handles high-load/high-density network connections.To learn more about this vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2018-8360.Important

All updates for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7.1, and 4.7.2 require the d3dcompiler_47.dll to be installed. We recommend that you install the included d3dcompiler_47.dll before you apply this update. For more information about the d3dcompiler_47.dll, see 4019990.
If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. For more information, see Add language packs to Windows.

Additional information about this security update

For more information about this security update as it relates to Windows Server 2012, see the following article in the Microsoft Knowledge Base:4345680 Security Only updates for .NET Framework 3.5 SP1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, and 4.7.2 for Windows Server 2012 (KB 4345680)

How to obtain and install the update

Method 1: Microsoft Update Catalog

To get the stand-alone package for this update, go to the Microsoft Update Catalog.

Method 2: Windows Software Update Services (WSUS)

On your WSUS server, follow these steps:

Click Start, clickAdministrative Tools, and then clickMicrosoft Windows Server Update Services 3.0.
Expand ComputerName, and then clickAction.
Click Import Updates.
WSUS opens a browser window in which you may be prompted to install an ActiveX control. You must install the ActiveX control to continue.
After the ActiveX control is installed, you see the Microsoft Update Catalog screen. Type4345680in theSearchbox, and then clickSearch.
Locate the .NET Framework packages that match the operating systems, languages, and processors in your environment. Click Add to add them to your basket.
After you select all the packages that you require, click View Basket.
To import the packages to your WSUS server, click Import.
After the packages are imported, click Close to return to WSUS.
The updates are now available for installation through WSUS.

Update deployment information

For deployment details for this security update, go to the following article in the Microsoft Knowledge Base:20180814 Security update deployment information: August 14, 2018

Update removal information

Note We do not recommend that you remove any security update. To remove this update, use thePrograms and Features item in Control Panel.

Update restart information

This update does not require a system restart after you apply it unless files that are being updated are locked or are being used.

Update replacement information

This update does not replace any previously released update.

File information

File hash

File name	SHA1 hash	SHA256 hash
Windows8-RT-KB4344165-x64.msu	E1FFBB2548AF3E741CA430691324B13AF080E08F	9787E7078974505416D239CEAEFD7887DF9F85CD3F3F187BC14547F6B8282C33
Windows8-RT-KB4344165-x86.msu	6A7476194F48E9D617E223FD90BA067278F2A102	2713C5EB9961CACBDC5A006BDE467C2E8DC96A9651F25D2E1B9A24D10407774A

File attributes

The English (United States) version of this update installs files that have the attributes that are listed in the following tables. The dates and the times for these files are listed in Coordinated Universal Time (UTC). The dates and the times for these files on your local computer are displayed in your local time together with your current daylight saving time (DST) bias. Additionally, the dates and the times may change when you perform certain operations on the files.For all supported x86-based systemsFile name	File version	File size	Date	Time
system.dll	4.7.3151.0	3,555,872	10-Jul-2018	06:53
mscorlib.dll	4.7.3133.0	5,638,272	25-Jul-2018	02:50
normidna.nlp		59,342	02-Nov-2017	02:14
normnfc.nlp		47,076	02-Nov-2017	02:14
normnfd.nlp		40,566	02-Nov-2017	02:14
normnfkc.nlp		67,808	02-Nov-2017	02:14
normnfkd.nlp		61,718	02-Nov-2017	02:14
clrjit.dll	4.7.3133.0	524,288	25-Jul-2018	02:50
clr.dll	4.7.3133.0	7,249,400	25-Jul-2018	02:50
mscordacwks.dll	4.7.3133.0	1,345,992	25-Jul-2018	02:50
mscordbi.dll	4.7.3133.0	1,170,440	25-Jul-2018	02:50
msvcp120_clr0400.dll	12.0.52519.0	485,576	11-May-2018	01:43
msvcr120_clr0400.dll	12.0.52519.0	987,840	11-May-2018	01:43
peverify.dll	4.7.3133.0	189,960	25-Jul-2018	02:50
sos.dll	4.7.3133.0	744,952	25-Jul-2018	02:50
For all supported x64-based systemsFile name	File version	File size	Date	Time
—	—	—	—	—
mscorlib.dll	4.7.3133.0	5,420,992	25-Jul-2018	02:09
normidna.nlp		59,342	02-Nov-2017	02:14
normnfc.nlp		47,076	02-Nov-2017	02:14
normnfd.nlp		40,566	02-Nov-2017	02:14
normnfkc.nlp		67,808	02-Nov-2017	02:14
normnfkd.nlp		61,718	02-Nov-2017	02:14
clrjit.dll	4.7.3133.0	1,227,192	25-Jul-2018	02:09
clr.dll	4.7.3133.0	10,378,664	25-Jul-2018	02:09
compatjit.dll	4.7.3133.0	1,262,528	25-Jul-2018	02:09
mscordacwks.dll	4.7.3133.0	1,843,656	25-Jul-2018	02:09
mscordbi.dll	4.7.3133.0	1,625,024	25-Jul-2018	02:09
msvcp120_clr0400.dll	12.0.52519.0	690,008	11-May-2018	01:43
msvcr120_clr0400.dll	12.0.52519.0	993,632	11-May-2018	01:43
peverify.dll	4.7.3133.0	263,104	25-Jul-2018	02:09
sos.dll	4.7.3133.0	874,920	25-Jul-2018	02:09
system.dll	4.7.3151.0	3,555,872	10-Jul-2018	06:53
system.dll	4.7.3151.0	3,555,872	10-Jul-2018	06:53
mscorlib.dll	4.7.3133.0	5,638,272	25-Jul-2018	02:50
normidna.nlp		59,342	02-Nov-2017	02:14
normnfc.nlp		47,076	02-Nov-2017	02:14
normnfd.nlp		40,566	02-Nov-2017	02:14
normnfkc.nlp		67,808	02-Nov-2017	02:14
normnfkd.nlp		61,718	02-Nov-2017	02:14
clrjit.dll	4.7.3133.0	524,288	25-Jul-2018	02:50
clr.dll	4.7.3133.0	7,249,400	25-Jul-2018	02:50
mscordacwks.dll	4.7.3133.0	1,345,992	25-Jul-2018	02:50
mscordbi.dll	4.7.3133.0	1,170,440	25-Jul-2018	02:50
msvcp120_clr0400.dll	12.0.52519.0	485,576	11-May-2018	01:43
msvcr120_clr0400.dll	12.0.52519.0	987,840	11-May-2018	01:43
peverify.dll	4.7.3133.0	189,960	25-Jul-2018	02:50
sos.dll	4.7.3133.0	744,952	25-Jul-2018	02:50

How to obtain help and support for this security update

Help for installing updates: Windows Update FAQ
Security solutions for IT professionals: TechNet Security Support and Troubleshooting
Help for protecting your Windows-based products and services from viruses and malware: Microsoft Secure
Local support according to your country: International Support