Lucene search

K
mskbMicrosoftKB5020679
HistoryNov 08, 2022 - 8:00 a.m.

November 8, 2022-Security Only Update for .NET Framework 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Server 2012 (KB5020679)

2022-11-0808:00:00
Microsoft
support.microsoft.com
478

5.8 Medium

CVSS3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

5.8 Medium

AI Score

Confidence

High

1.4 Low

CVSS2

Access Vector

ADJACENT_NETWORK

Access Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:A/AC:H/Au:S/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

24.8%

November 8, 2022-Security Only Update for .NET Framework 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Server 2012 (KB5020679)

Applies to: Microsoft .NET Framework 4.6.2 Microsoft .NET Framework 4.7 Microsoft .NET Framework 4.7.1 Microsoft .NET Framework 4.7.2 Microsoft .NET Framework 4.8

IMPORTANT

  • All updates for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, and 4.7.2 require that the d3dcompiler_47.dll update is installed. We recommend that you install the included d3dcompiler_47.dll update before you apply this update. For more information about the d3dcompiler_47.dll, see KB 4019990.
  • If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. For more information, see Add language packs to Windows.

Summary

This security update addresses a vulnerability which exists in System.Data.SqlClient and Microsoft.Data.SqlClient libraries where a timeout occurring under high load can cause incorrect data to be returned as the result of an asynchronously executed query or command. For more information please see CVE-2022-41064.

Known issues in this update

Microsoft is not currently aware of any issues in this update.

Additional information about this update

The following articles contain additional information about this update as it relates to individual product versions.

  • 5020610 Description of the Security Only Update for .NET Framework 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows Server 2012 (KB5020610)
  • 5020606 Description of the Security Only Update for .NET Framework 4.8 for Windows Embedded 8 Standard (KB5020606)

How to get this update

Release Channel Available Next Step
Microsoft Update Catalog Yes To get the standalone package for this update, go to the Microsoft Update Catalog website.
Windows Server Update Services (WSUS) Yes This update will automatically sync with WSUS if you configure as follows: Product:Windows Server 2012Classification: Security Updates

How to obtain help and support for this update

5.8 Medium

CVSS3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

5.8 Medium

AI Score

Confidence

High

1.4 Low

CVSS2

Access Vector

ADJACENT_NETWORK

Access Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:A/AC:H/Au:S/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

24.8%