Update Rollup 13.1 for Windows Azure Pack Web Sites version 2

Summary

A remote code execution vulnerability exists when Windows Azure Pack Web Sites does not check the length of a buffer before copying memory to it. To learn more about this vulnerability, go to CVE-2019-1372.

This Update Rollup 13.1 for Windows Azure Pack Web Sites version 2 includes a security update that addresses this vulnerability.

This update rollup replaces Update Rollup 13 for Windows Azure Pack Web Sites version 2 (the final feature update for Windows Azure Pack Web Sites V2), and also includes all the fixes that were included in Update Rollup 13.

We recommend that you review the information in this article and also in Update Rollup 13 for Windows Azure Pack Web Sites version 2 before you apply this update.

Note: Windows Azure Pack Web Sites V2 is now in Extended Support, as discussed at https://aka.ms/wapwebsiteslifecycle

Issues that are fixed in this update

This update fixes the following issues:

• Issue 1: Provides mitigation for the vulnerability discussed in CVE-2019-1372.

Installation instructions

Installation and upgrade instructions are documented in the Start the installation of Windows Azure Pack: Web Sites topic on the TechNet website. These instructions describe how to upgrade to Update Rollup 13.1 for Windows Azure Pack Web Sites version 2.  

Notice that the installation and upgrade process changed significantly in Update Rollup 6. Therefore, please take the time to review the documentation. 

There is additional guidance provided at this link to monitor the upgrade and to check the upgrade status.  

Because of the changes that were made to the data stores in addition to the executable, this update cannot be rolled back. 

How to obtain and install the update

More information