Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
mskbMicrosoftKB4470499
HistoryDec 11, 2018 - 8:00 a.m.

Description of the Security Only update for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, and 4.7.2 for Windows 8.1 and Server 2012 R2 (KB 4470499)

2018-12-1108:00:00
Microsoft
support.microsoft.com
10

9.2 High

AI Score

Confidence

High

0.012 Low

EPSS

Percentile

85.6%

JSON

Description of the Security Only update for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, and 4.7.2 for Windows 8.1 and Server 2012 R2 (KB 4470499)

**Applies to:**Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.6.1, Microsoft .NET Framework 4.6.2, Microsoft .NET Framework 4.7, Microsoft .NET Framework 4.7.1, Microsoft .NET Framework 4.7.2

Summary

This security update resolves a vulnerability in Microsoft .NET Framework that could allow remote code execution when Microsoft .NET Framework doesn’t validate input correctly. An attacker who successfully exploits this vulnerability could take control of an affected system. The attacker could then install programs; view, change, or delete data; or create new accounts that use full user rights. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights.To exploit the vulnerability, an attacker would have to pass specific input to an application that uses susceptible .NET Framework methods.This security update addresses the vulnerability by correcting how .NET Framework validates input.To learn more about this vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2018-8540.Important

  • All updates for Windows 8.1 and Windows Server 2012 R2 require that update KB 2919355 is installed. We recommend that you install update KB 2919355 on your Windows 8.1-based, Windows RT 8.1-based, or Windows Server 2012 R2-based computer so that you receive updates in the future.
  • If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. For more information, see Add language packs to Windows.

Additional information about this security update

For more information about this security update as it relates to Windows 8.1 and Windows Server 2012 R2, see the following article in the Microsoft Knowledge Base:4471983 Security Only updates for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, and 4.7.2 for Windows 8.1 and Server 2012 R2 (KB 4471983)

How to obtain and install the update

Method 1: Microsoft Update Catalog

To get the stand-alone package for this update, go to the Microsoft Update Catalog.

Method 2: Windows Software Update Services (WSUS)

On your WSUS server, follow these steps:

  1. Select Start, selectAdministrative Tools, and then selectMicrosoft Windows Server Update Services 3.0.
  2. Expand ComputerName, and then selectAction.
  3. Select Import Updates.
  4. WSUS opens a browser window in which you may be prompted to install an ActiveX control. Install the ActiveX control to continue.
  5. After the ActiveX control is installed, you see the Microsoft Update Catalog screen. Type4471983in theSearchbox, and then selectSearch.
  6. Locate the .NET Framework packages that match the operating systems, languages, and processors in your environment. Select Add to add them to your basket.
  7. After you select all the packages that you need, select View Basket.
  8. To import the packages to your WSUS server, select Import.
  9. After the packages are imported, select Close to return to WSUS.
    The updates are now available for installation through WSUS.

Update deployment information

For deployment details for this security update, go to the following article in the Microsoft Knowledge Base:20181211 Security update deployment information: December 11, 2018

Update removal information

Note We do not recommend that you remove any security update. To remove this update, use thePrograms and Features item in Control Panel.

Update restart information

This update does not require a system restart after you apply it unless files that are being updated are locked or are being used.

Update replacement information

This update replaces update KB 3098785.

File information

File hash

File name SHA1 hash SHA256 hash
Windows8.1-KB4470499-x86.msu 39D6B02196096DD235202F0E7DC9CF9C4276D75D C0E43EB6D8BCE0515E9AC4C347DCE01A41B41505C49219F5E4DF1D3A98FF03F2
Windows8.1-KB4470499-x64.msu 79650F1A6A9772E20E7D5867707576C994A6D36F 04991E85AB14686B78569B5AC2E79142DBE922E33BD78C29A13CB9AB1CD2FA58
Windows8.1-KB4470499-arm.msu 5B68CB80D4101BCEE93E49F77239827F4A9622EE CC6CC8BC587874AE790763BD0C50B630403A86DEB333F6551DF9DD88F1CAEE17

File attributes for all supported x86-based systems

The English (United States) version of this update installs files that have the attributes that are listed in the following tables. The dates and times for these files are listed in Coordinated Universal Time (UTC). The dates and times for these files on your local computer are displayed in your local time together with your current daylight saving time (DST) bias. Additionally, the dates and times may change when you perform certain operations on the files.File name File version File size Date Time
system.web.applicationservices.dll 4.7.3282.0 71,120 31-Oct-2018 01:33
system.web.extensions.dll 4.7.3282.0 1,850,264 31-Oct-2018 01:33
aspnet_perf.dll 4.7.3282.0 42,792 31-Oct-2018 01:33
aspnet_state_perf.h 318 30-Oct-2018 23:38
aspnet_state_perf.ini 42,996 31-Oct-2018 01:34
aspnet_wp.exe 4.7.3282.0 46,088 31-Oct-2018 01:33
msvcp120_clr0400.dll 12.0.52519.0 485,576 30-Oct-2018 22:54
msvcr120_clr0400.dll 12.0.52519.0 987,840 30-Oct-2018 22:54
system.web.extensions.dll 4.7.3282.0 1,850,264 31-Oct-2018 01:33
webengine4.dll 4.7.3282.0 550,152 31-Oct-2018 01:33
webengine.dll 4.7.3282.0 24,840 31-Oct-2018 01:33
system.web.dll 4.7.3282.0 5,416,232 31-Oct-2018 01:33

File attributes for all supported x64-based systems

The English (United States) version of this update installs files that have the attributes that are listed in the following tables. The dates and times for these files are listed in Coordinated Universal Time (UTC). The dates and times for these files on your local computer are displayed in your local time together with your current daylight saving time (DST) bias. Additionally, the dates and times may change when you perform certain operations on the files.File name File version File size Date Time
aspnet_perf.dll 4.7.3282.0 46,144 31-Oct-2018 01:32
aspnet_state_perf.h 318 30-Oct-2018 23:03
aspnet_state_perf.ini 42,996 31-Oct-2018 01:32
aspnet_wp.exe 4.7.3282.0 50,904 31-Oct-2018 01:32
msvcp120_clr0400.dll 12.0.52519.0 690,008 30-Oct-2018 22:54
msvcr120_clr0400.dll 12.0.52519.0 993,632 30-Oct-2018 22:54
system.web.applicationservices.dll 4.7.3282.0 71,120 31-Oct-2018 01:33
system.web.extensions.dll 4.7.3282.0 1,850,264 31-Oct-2018 01:33
webengine4.dll 4.7.3282.0 667,192 31-Oct-2018 01:32
webengine.dll 4.7.3282.0 26,168 31-Oct-2018 01:32
system.web.dll 4.7.3282.0 5,398,280 31-Oct-2018 01:32
system.web.applicationservices.dll 4.7.3282.0 71,120 31-Oct-2018 01:33
system.web.extensions.dll 4.7.3282.0 1,850,264 31-Oct-2018 01:33
aspnet_perf.dll 4.7.3282.0 42,792 31-Oct-2018 01:33
aspnet_state_perf.h 318 30-Oct-2018 23:38
aspnet_state_perf.ini 42,996 31-Oct-2018 01:34
aspnet_wp.exe 4.7.3282.0 46,088 31-Oct-2018 01:33
msvcp120_clr0400.dll 12.0.52519.0 485,576 30-Oct-2018 22:54
msvcr120_clr0400.dll 12.0.52519.0 987,840 30-Oct-2018 22:54
system.web.extensions.dll 4.7.3282.0 1,850,264 31-Oct-2018 01:33
webengine4.dll 4.7.3282.0 550,152 31-Oct-2018 01:33
webengine.dll 4.7.3282.0 24,840 31-Oct-2018 01:33
system.web.dll 4.7.3282.0 5,416,232 31-Oct-2018 01:33

File attributes for all supported ARM-based systems

The English (United States) version of this update installs files that have the attributes that are listed in the following tables. The dates and times for these files are listed in Coordinated Universal Time (UTC). The dates and times for these files on your local computer are displayed in your local time together with your current daylight saving time (DST) bias. Additionally, the dates and times may change when you perform certain operations on the files.File name File version File size Date Time
msvcp120_clr0400.dll 12.0.52242.36242 602,080 30-Oct-2018 22:54
msvcr120_clr0400.dll 12.0.52242.36242 634,336 30-Oct-2018 22:54
system.web.extensions.dll 4.7.3282.0 1,850,264 31-Oct-2018 01:33
system.web.dll 4.7.3282.0 5,417,224 31-Oct-2018 01:30
system.web.applicationservices.dll 4.7.3282.0 71,120 31-Oct-2018 01:33
system.web.extensions.dll 4.7.3282.0 1,850,264 31-Oct-2018 01:33

How to obtain help and support for this security update

Related

nessus 11
mskb 33
openvas 12
kaspersky 2
cve 2
prion 2
nvd 2
symantec 2
cvelist 2
mscve 2
thn 1
threatpost 1
talosblog 1
nessus
nessus
Security Updates for Microsoft .NET Framework (December 2018)
2018-12-13 00:00:00
KB4471329: Windows 10 Version 1709 and Windows Server Version 1709 December 2018 Security Update
2018-12-11 00:00:00
KB4471319: Windows Server 2008 December 2018 Security Update
2018-12-11 00:00:00
mskb
mskb
Description of the Security Only update for .NET Framework 4.5.2 for Windows Server 2012 (KB 4470492)
2018-12-11 08:00:00
Description of the Security and Quality Rollup for .NET Framework 3.5 for Windows 8.1, RT 8.1, and Server 2012 R2 (KB 4470630)
2018-12-11 08:00:00
Description of the Security and Quality Rollup for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, and 4.7.2 for Windows Server 2012 (KB 4470638)
2018-12-11 08:00:00
openvas
openvas
Microsoft .NET Framework Multiple Vulnerabilities (KB4470640)
2018-12-12 00:00:00
Microsoft .NET Framework 4.5.2 Multiple Vulnerabilities (KB4470623)
2018-12-12 00:00:00
Microsoft .NET Framework 3.5 Multiple Vulnerabilities (KB4470641)
2018-12-12 00:00:00
kaspersky
kaspersky
KLA11897 Multiple vulnerabilities in Microsoft Developer Tools
2018-12-11 00:00:00
KLA11383 Multiple vulnerabilities in Microsoft Developer Tools
2019-12-11 00:00:00
cve
cve
CVE-2018-8517
2018-12-12 00:29:00
CVE-2018-8540
2018-12-12 00:29:00
prion
prion
Denial of service
2018-12-12 00:29:00
Remote code execution
2018-12-12 00:29:00
nvd
nvd
CVE-2018-8540
2018-12-12 00:29:00
CVE-2018-8517
2018-12-12 00:29:00
symantec
symantec
Microsoft .NET Framework CVE-2018-8540 Remote Code Execution Vulnerability
2018-12-11 00:00:00
Microsoft .NET Framework CVE-2018-8517 Remote Denial of Service Vulnerability
2018-12-11 00:00:00
cvelist
cvelist
CVE-2018-8540
2018-12-12 00:00:00
CVE-2018-8517
2018-12-12 00:00:00
mscve
mscve
.NET Framework Remote Code Execution Injection Vulnerability
2018-12-11 08:00:00
.NET Framework Denial Of Service Vulnerability
2018-12-11 08:00:00
thn
thn
Microsoft Issues Patch for Windows Zero-Day Flaw Under Active Attack
2018-12-12 08:48:00
threatpost
threatpost
Zero-Day Bug Patched by Microsoft, Part of December Patch TuesdZero-Day Bug Fixed by Microsoft in December Patch Tuesdayay
2018-12-11 22:02:00
talosblog
talosblog
Microsoft Patch Tuesday — December 2018: Vulnerability disclosures and Snort coverage
2018-12-11 10:35:00

9.2 High

AI Score

Confidence

High

0.012 Low

EPSS

Percentile

85.6%

JSON
Related for KB4470499
nessus11mskb33openvas12kaspersky2cve2prion2nvd2symantec2cvelist2mscve2thn1threatpost1talosblog1