**Applies to:**Microsoft .NET Framework 3.5, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.6.1, Microsoft .NET Framework 4.6.2, Microsoft .NET Framework 4.7, Microsoft .NET Framework 4.7.1, Microsoft .NET Framework 4.7.2
This security update resolves a vulnerability in Microsoft .NET Framework that could allow remote code execution when Microsoft .NET Framework doesnât validate input correctly. An attacker who successfully exploits this vulnerability could take control of an affected system. The attacker could then install programs; view, change, or delete data; or create new accounts that use full user rights. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who are granted administrative user rights.To exploit the vulnerability, an attacker has to pass specific input to an application that uses susceptible .NET Framework methods.This security update addresses the vulnerability by correcting how .NET Framework validates input.To learn more about this vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2018-8540.Important
The following articles contain additional information about this security update as it relates to individual product versions.