Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
mskbMicrosoftKB4471102
HistoryDec 11, 2018 - 8:00 a.m.

Description of the Security and Quality Rollup for .NET Framework 3.5 SP1 for Windows Server 2008 SP2 (KB 4471102)

2018-12-1108:00:00
Microsoft
support.microsoft.com
10

9.3 High

AI Score

Confidence

High

0.012 Low

EPSS

Percentile

85.6%

JSON

Description of the Security and Quality Rollup for .NET Framework 3.5 SP1 for Windows Server 2008 SP2 (KB 4471102)

**Applies to:**Microsoft .NET Framework 3.5 Service Pack 1

Summary

This security update resolves a vulnerability in Microsoft .NET Framework that could allow remote code execution when Microsoft .NET Framework doesn’t validate input correctly. An attacker who successfully exploits this vulnerability could take control of an affected system. The attacker could then install programs; view, change, or delete data; or create new accounts that use full user rights. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who are granted administrative user rights.To exploit the vulnerability, an attacker has to pass specific input to an application that uses susceptible .NET Framework methods.This security update addresses the vulnerability by correcting how .NET Framework validates input.To learn more about this vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2018-8540.ImportantIf you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. For more information, see Add language packs to Windows.

Additional information about this security update

For more information about this security update as it relates to Windows Server 2008 Service Pack 2 (SP2), see the following article in the Microsoft Knowledge Base:4471990 Security and Quality Rollup updates for .NET Framework 3.5 SP1, 4.5.2, and 4.6 for Windows Server 2008 SP2 (KB 4471990)

How to obtain and install the update

Method 1: Windows Update

This update is available through Windows Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to get security updates automatically, see Windows Update: FAQ.

Method 2: Windows Software Update Services (WSUS)

On your WSUS server, follow these steps:

  1. Select Start, selectAdministrative Tools, and then selectMicrosoft Windows Server Update Services 3.0.
  2. Expand ComputerName, and then selectAction.
  3. Select Import Updates.
  4. WSUS opens a browser window in which you may be prompted to install an ActiveX control. Install the ActiveX control to continue.
  5. After the ActiveX control is installed, you see the Microsoft Update Catalog screen. Type4471990in theSearchbox, and then selectSearch.
  6. Locate the .NET Framework packages that match the operating systems, languages, and processors in your environment. Select Add to add them to your basket.
  7. After you select all the packages that you need, select View Basket.
  8. To import the packages to your WSUS server, select Import.
  9. After the packages are imported, select Close to return to WSUS.
    The updates are now available for installation through WSUS.

Update deployment information

For deployment details for this security update, go to the following article in the Microsoft Knowledge Base:20181211 Security update deployment information: December 11, 2018

Update removal information

Note We don’t recommend that you remove any security update. To remove this update, use thePrograms and Features item in Control Panel.

Update restart information

This update doesn’t require a system restart after you apply it unless files that are being updated are locked or are being used.

Update replacement information

This update replaces previously released updates 4457921, 4467243, and 4467227.

File information

File hash

File name SHA1 hash SHA256 hash
NDP35SP1-KB4471102-ia64.exe 4F2612B058747C8E074157DF01751C59B90446B5 4E22EFEB2B97851BE78EB5AA3F8177F6179D184ACDDD1BFC0A702B10CC743762
NDP35SP1-KB4471102-x64.exe 0A2E2B076B6EE176602B3B3DCF664DBDDA5C1B1E 86D7EDD8AE7658235171EB5435703C00D53E1C6159634EDD4D3D9C4A63C2F7B1
NDP35SP1-KB4471102-x86.exe 4A39C18C807AFB7064426C358C8936A4EB1B4ED0 3470BC16237087F527DAF1A57D6628087C707DFCC25CB6E532044B0FA2C981E9

File attributes for all supported x86-based systems

The English (United States) version of this update installs files that have the attributes that are listed in the following tables. The dates and times for these files are listed in Coordinated Universal Time (UTC). The dates and times for these files on your local computer are displayed in your local time together with your current daylight saving time (DST) bias. Additionally, the dates and times may change when you perform certain operations on the files.File name File version File size Date Time
System.Web.Extensions.dll 3.5.30729.8816 1,282,048 06-Nov-2018 11:23

File attributes for all supported x64-based systems

The English (United States) version of this update installs files that have the attributes that are listed in the following tables. The dates and times for these files are listed in Coordinated Universal Time (UTC). The dates and times for these files on your local computer are displayed in your local time together with your current daylight saving time (DST) bias. Additionally, the dates and times may change when you perform certain operations on the files.File name File version File size Date Time
System.Web.Extensions.dll 3.5.30729.8816 1,282,048 06-Nov-2018 12:04
System.Web.Extensions.dll 3.5.30729.8816 1,282,048 06-Nov-2018 11:23

File attributes for all supported IA64-based systems

The English (United States) version of this update installs files that have the attributes that are listed in the following tables. The dates and times for these files are listed in Coordinated Universal Time (UTC). The dates and times for these files on your local computer are displayed in your local time together with your current daylight saving time (DST) bias. Additionally, the dates and times may change when you perform certain operations on the files.File name File version File size Date Time
System.Web.Extensions.dll 3.5.30729.8816 1,282,048 06-Nov-2018 12:18
System.Web.Extensions.dll 3.5.30729.8816 1,282,048 06-Nov-2018 11:23

How to obtain help and support for this security update

Related

nessus 11
mskb 33
openvas 12
kaspersky 2
prion 2
nvd 2
cvelist 2
mscve 2
symantec 2
cve 2
thn 1
threatpost 1
talosblog 1
nessus
nessus
Security Updates for Microsoft .NET Framework (December 2018)
2018-12-13 00:00:00
KB4471329: Windows 10 Version 1709 and Windows Server Version 1709 December 2018 Security Update
2018-12-11 00:00:00
KB4471324: Windows 10 Version 1803 and Windows Server Version 1803 December 2018 Security Update
2018-12-11 00:00:00
mskb
mskb
Description of the Security Only update for .NET Framework 4.5.2 for Windows Server 2012 (KB 4470492)
2018-12-11 08:00:00
Description of the Security and Quality Rollup for .NET Framework 3.5 for Windows 8.1, RT 8.1, and Server 2012 R2 (KB 4470630)
2018-12-11 08:00:00
Description of the Security and Quality Rollup for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, and 4.7.2 for Windows 7 SP1 and Server 2008 R2 SP1 and for .NET Framework 4.6 for Server 2008 SP2 (KB 4470640)
2018-12-11 08:00:00
openvas
openvas
Microsoft .NET Framework 4.5.2 Multiple Vulnerabilities (KB4470623)
2018-12-12 00:00:00
Microsoft .NET Framework 3.5 Multiple Vulnerabilities (KB4470641)
2018-12-12 00:00:00
Microsoft .NET Framework Multiple Vulnerabilities (KB4470640)
2018-12-12 00:00:00
kaspersky
kaspersky
KLA11897 Multiple vulnerabilities in Microsoft Developer Tools
2018-12-11 00:00:00
KLA11383 Multiple vulnerabilities in Microsoft Developer Tools
2019-12-11 00:00:00
prion
prion
Denial of service
2018-12-12 00:29:00
Remote code execution
2018-12-12 00:29:00
nvd
nvd
CVE-2018-8540
2018-12-12 00:29:00
CVE-2018-8517
2018-12-12 00:29:00
cvelist
cvelist
CVE-2018-8517
2018-12-12 00:00:00
CVE-2018-8540
2018-12-12 00:00:00
mscve
mscve
.NET Framework Remote Code Execution Injection Vulnerability
2018-12-11 08:00:00
.NET Framework Denial Of Service Vulnerability
2018-12-11 08:00:00
symantec
symantec
Microsoft .NET Framework CVE-2018-8540 Remote Code Execution Vulnerability
2018-12-11 00:00:00
Microsoft .NET Framework CVE-2018-8517 Remote Denial of Service Vulnerability
2018-12-11 00:00:00
cve
cve
CVE-2018-8517
2018-12-12 00:29:00
CVE-2018-8540
2018-12-12 00:29:00
thn
thn
Microsoft Issues Patch for Windows Zero-Day Flaw Under Active Attack
2018-12-12 08:48:00
threatpost
threatpost
Zero-Day Bug Patched by Microsoft, Part of December Patch TuesdZero-Day Bug Fixed by Microsoft in December Patch Tuesdayay
2018-12-11 22:02:00
talosblog
talosblog
Microsoft Patch Tuesday — December 2018: Vulnerability disclosures and Snort coverage
2018-12-11 10:35:00

9.3 High

AI Score

Confidence

High

0.012 Low

EPSS

Percentile

85.6%

JSON
Related for KB4471102
nessus11mskb33openvas12kaspersky2prion2nvd2cvelist2mscve2symantec2cve2thn1threatpost1talosblog1