MS16-091: Security update for the .NET Framework: July 12, 2016



Summary

This update resolves a vulnerability in the Microsoft .NET Framework. The vulnerability could let sensitive information be disclosed if an attacker uploads a specially crafted XML file to a web-based application. To learn more about the vulnerability, see Microsoft Security Bulletin MS16-091.

More Information

Important

  • All future security and nonsecurity updates for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 require update 2919355 to be installed. We recommend that you install update 2919355 on your Windows RT 8.1-based, Windows 8.1-based, or Windows Server 2012 R2-based computer so that you receive future updates.

  • If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. For more information, see Add language packs to Windows.

Additional information about this security update

The following articles contain additional information about this security update as it relates to individual product versions. The articles may contain known issue information.

Microsoft .NET Framework 4.6 and 4.6.1

  • 3164024 MS16-091: Description of the security update for the .NET Framework 4.6 and 4.6.1 in Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2: July 12, 2016

  • 3164023 MS16-091: Description of the security update for the .NET Framework 4.6 and 4.6.1 in Windows Server 2012: July 12, 2016

  • 3164025 MS16-091: Description of the security update for the .NET Framework 4.6 in Windows Vista SP2 and Windows Server 2008 SP2 and the .NET Framework 4.6 and 4.6.1 in Windows 7 SP1 and Windows Server 2008 R2 SP1: July 12, 2016


Microsoft .NET Framework 4.5.2

  • 3163291 MS16-091: Description of the security update for the .NET Framework 4.5.2 in Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2: July 12, 2016

  • 3163250 MS16-091: Description of the security update for the .NET Framework 4.5.2 in Windows Server 2012: July 12, 2016

  • 3163251 MS16-091: Description of the security update for the .NET Framework 4.5.2 in Windows Vista Service Pack 2, Windows Server 2008 Service Pack 2, Windows 7 Service Pack 1, and Windows Server 2008 R2 Service Pack 1: July 12, 2016


Microsoft .NET Framework 3.5 and 3.5.1

  • 3163247 MS16-091: Description of the security update for the .NET Framework 3.5 in Windows 8.1 and Windows Server 2012 R2: July 12, 2016

  • 3163246 MS16-091: Description of the security update for the .NET Framework 3.5 in Windows Server 2012: July 12, 2016

  • 3163245 MS16-091: Description of the security update for the .NET Framework 3.5.1 in Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1: July 12, 2016


Microsoft .NET Framework 2.0

  • 3163244 MS16-091: Description of the security update for the .NET Framework 2.0 Service Pack 2 in Windows Vista Service Pack 2 and Windows Server 2008 Service Pack 2: July 12, 2016


Windows Vista (all editions)

Reference table

The following table contains the security update information for this software.

Security update file names

For Microsoft .NET Framework 2.0 Service Pack 2 on all supported 32-bit editions of Windows Vista:
Windows6.0-KB3163244-x86.msu

For Microsoft .NET Framework 4.5.2 when installed on all supported 32-bit editions of Windows Vista:
NDP45-KB3163251-x86.exe

For Microsoft .NET Framework 4.6 when installed on all supported 32-bit editions of Windows Vista:
NDP46-KB3164025-x86.exe

For Microsoft .NET Framework 2.0 Service Pack 2 on all supported x64-based editions of Windows Vista:
Windows6.0-KB3163244-x64.msu

For Microsoft .NET Framework 4.5.2 when installed on all supported x64-based editions of Windows Vista:
NDP45-KB3163251-x64.exe

For Microsoft .NET Framework 4.6 when installed on all supported x64-based editions of Windows Vista:
NDP46-KB3164025-x64.exe

Installation switches

For Microsoft .NET Framework, see Microsoft Knowledge Base Article 2844699

Update log file

For Microsoft .NET Framework 2.0 Service Pack 2:
Not applicable

For Microsoft .NET Framework 4.5.2:
KB3142033_*_*-Microsoft .NET Framework [.NET target version]-MSP0.txt
KB3163251_*_*.html

For Microsoft .NET Framework 4.6:
KB3164025_*_*-Microsoft .NET Framework 4.6/4.6.1-MSP0.txt
KB3164025_*_*.html

Restart requirement

This update does not require a restart. The installer stops the required services, applies the update, and then restarts the services. However, if the required services cannot be stopped for any reason, or if required files are being used, this update will require a restart. If this behavior occurs, a message appears that advises you to restart.

Removal information

Click Control Panel, click Security, click View installed updates under Windows Update, and then select from the list of updates.

File information

See the individual Knowledge Base articles that are listed in the “Additional information about this security update” section.

Registry key verification

For Microsoft .NET Framework 2.0 Service Pack 2 (3163244):
A registry key does not exist to validate the presence of this update. Use WMI to detect the presence of this update.

For Microsoft .NET Framework 4.5.2:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Microsoft .NET Framework [.NET target version]\KB3163251
"ThisVersionInstalled" = "Y"

For Microsoft .NET Framework 4.6:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Microsoft .NET Framework 4.6\KB3164025
"ThisVersionInstalled" = "Y"

Windows Server 2008 (all editions)

Reference table

The following table contains the security update information for this software.

Security update file names

For Microsoft .NET Framework 2.0 Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2:
Windows6.0-KB3163244-x86.msu

For Microsoft .NET Framework 4.5.2 when installed on all supported 32-bit editions of Windows Server 2008 Service Pack 2:
NDP45-KB3163251-x86.exe

For Microsoft .NET Framework 4.6 when installed on all supported 32-bit editions of Windows Server 2008 Service Pack 2:
NDP46-KB3164025-x86.exe

For Microsoft .NET Framework 2.0 Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2:
Windows6.0-KB3163244-x64.msu

For Microsoft .NET Framework 4.5.2 on all supported x64-based editions of Windows Server 2008 Service Pack 2:
NDP45-KB3163251-x64.exe

For Microsoft .NET Framework 4.6 on all supported x64-based editions of Windows Server 2008 Service Pack 2:
NDP46-KB3164025-x64.exe

For Microsoft .NET Framework 2.0 Service Pack 2 on Windows Server 2008 for Itanium-based Systems Service Pack 2:
Windows6.0-KB3163244-ia64.msu

Installation switches

See Microsoft Knowledge Base Article 2844699

Update log file

For Microsoft .NET Framework 2.0 Service Pack 2:
Not applicable

For Microsoft .NET Framework 4.5.2:
KB3142033_*_*-Microsoft .NET Framework [.NET target version]-MSP0.txt
KB3163251_*_*.html

For Microsoft .NET Framework 4.6:
KB3164025_*_*-Microsoft .NET Framework 4.6/4.6.1-MSP0.txt
KB3164025_*_*.html

Restart requirement

This update does not require a restart. The installer stops the required services, applies the update, and then restarts the services. However, if the required services cannot be stopped for any reason, or if required files are being used, this update will require a restart. If this behavior occurs, a message appears that advises you to restart.

Removal information

Click Control Panel, click Security, click View installed updates under Windows Update, and then select from the list of updates.

File information

See the individual Knowledge Base articles that are listed in the “Additional information about this security update” section.

Registry key verification

For Microsoft .NET Framework 2.0 Service Pack 2 (3163244):
A registry key does not exist to validate the presence of this update. Use WMI to detect the presence of this update.

For Microsoft .NET Framework 4.5.2:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Microsoft .NET Framework [.NET target version]\KB3163251
"ThisVersionInstalled" = "Y"

For Microsoft .NET Framework 4.6:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Microsoft .NET Framework 4.6\KB3164025
"ThisVersionInstalled" = "Y"

Windows 7 (all editions)

Reference table

The following table contains the security update information for this software.

Security update file name

For Microsoft .NET Framework 3.5.1 on all supported 32-bit editions of Windows 7 Service Pack 1:
Windows6.1-KB3163245-x86.msu

For Microsoft .NET Framework 4.5.2 when installed on all supported 32-bit editions of Windows 7 Service Pack 1:
NDP45-KB3163251-x86.exe

For Microsoft .NET Framework 4.6/4.6.1 when installed on all supported 32-bit editions of Windows 7 Service Pack 1:
NDP46-KB3164025-x86.exe

For Microsoft .NET Framework 3.5.1 on all supported x64-based editions of Windows 7 Service Pack 1:
Windows6.1-KB3163245-x64.msu

For Microsoft .NET Framework 4.5.2 when installed on all supported x64-based editions of Windows 7 Service Pack 1:
NDP45-KB3163251-x64.exe

For Microsoft .NET Framework 4.6/4.6.1 when installed on all supported x64-based editions of Windows 7 Service Pack 1:
NDP46-KB3164025-x64.exe

Installation switches

See Microsoft Knowledge Base Article 2844699

Update log file

For Microsoft .NET Framework 3.5.1:
Not applicable.

For Microsoft .NET Framework 4.5.2:
KB3163251_*_*-Microsoft .NET Framework [.NET target version]-MSP0.txt
KB3163251_*_*.html

For Microsoft .NET Framework 4.6/4.6.1:
KB3164025_*_*-Microsoft .NET Framework 4.6/4.6.1-MSP0.txt
KB3164025_*_*.html

Restart requirement

This update does not require a restart. The installer stops the required services, applies the update, and then restarts the services. However, if the required services cannot be stopped for any reason, or if required files are being used, this update will require a restart. If this behavior occurs, a message appears that advises you to restart.

Removal information

Click Control Panel, click Security, click View installed updates under Windows Update, and then select from the list of updates.

File information

See the individual Knowledge Base articles that are listed in the “Additional information about this security update” section.

Registry key verification

A registry key does not exist to validate the presence of this update. Use WMI to detect the presence of this update.

For Microsoft .NET Framework 4.5.2:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Microsoft .NET Framework [.NET target version]\KB3163251
"ThisVersionInstalled" = "Y"

For Microsoft .NET Framework 4.6/4.6.1:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Microsoft .NET Framework 4.6\KB3164025
"ThisVersionInstalled" = "Y"

Windows Server 2008 R2 (all editions)

Reference table

The following table contains the security update information for this software.

Security update file name

For Microsoft .NET Framework 3.5.1 on all supported x64-based editions of Windows Server 2008 R2 Service Pack 1:
Windows6.1-KB3163245-x64.msu

For Microsoft .NET Framework 4.5.2 when installed on all supported x64-based editions of Windows Server 2008 R2 Service Pack 1:
NDP45-KB3163251-x64.exe

For Microsoft .NET Framework 4.6/4.6.1 when installed on all supported 32-bit editions of Windows 7 Service Pack 1:
NDP46-KB3164025-x64.exe

For Microsoft .NET Framework 3.5.1 on Windows Server 2008 R2 for Itanium-based Systems Service Pack 1:
Windows6.1-KB3163245-ia64.msu

Installation switches

See Microsoft Knowledge Base Article 2844699

Update log file

For Microsoft .NET Framework 3.5.1:
Not applicable

For Microsoft .NET Framework 4.5.2:
KB3142033_*_*-Microsoft .NET Framework [.NET target version]-MSP0.txt
KB3163251_*_*.html

For Microsoft .NET Framework 4.6/4.6.1:
KB3164025_*_*-Microsoft .NET Framework 4.6/4.6.1-MSP0.txt
KB3164025_*_*.html

Restart requirement

This update does not require a restart. The installer stops the required services, applies the update, and then restarts the services. However, if the required services cannot be stopped for any reason, or if required files are being used, this update will require a restart. If this behavior occurs, a message appears that advises you to restart.

Removal information

Click Control Panel, click Security, click View installed updates under Windows Update, and then select from the list of updates.

File information

See the individual Knowledge Base articles that are listed in the “Additional information about this security update” section.

Registry key verification

For Microsoft .NET Framework 3.5.1:
A registry key does not exist to validate the presence of this update. Use WMI to detect the presence of this update.

For Microsoft .NET Framework 4.5.2:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Microsoft .NET Framework [.NET target version]\KB3163251
"ThisVersionInstalled" = "Y"

For Microsoft .NET Framework 4.6/4.6.1:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Microsoft .NET Framework 4.6\KB3164025
"ThisVersionInstalled" = "Y"

Windows 8.1 (all editions)

Reference table

The following table contains the security update information for this software.

Security update file name

For Microsoft .NET Framework 3.5 on Windows 8.1 for 32-bit Systems:
Windows8.1-KB3163247-x86.msu

For Microsoft .NET Framework 4.5.2 on Windows 8.1 for 32-bit Systems:
Windows8.1-KB3163291-x86.msu

For Microsoft .NET Framework 4.6/4.6.1 on Windows 8.1 for 32-bit Systems:
Windows8.1-KB3164024-x86.msu

For Microsoft .NET Framework 3.5 on Windows 8.1 for x64-based Systems:
Windows8.1-KB3163247-x64.msu

For Microsoft .NET Framework 4.5.2 on Windows 8.1 for x64-based Systems:
Windows8.1-KB3163291-x64.msu

For Microsoft .NET Framework 4.6/4.6.1 on Windows 8.1 for x64-based Systems:
Windows8.1-KB3164024-x64.msu

Installation switches

See Microsoft Knowledge Base Article 2844699

Restart requirement

This update does not require a restart. The installer stops the required services, applies the update, and then restarts the services. However, if the required services cannot be stopped for any reason, or if required files are being used, this update will require a restart. If this behavior occurs, a message appears that advises you to restart.

Removal information

Click Control Panel, click Security, click View installed updates under Windows Update, and then select from the list of updates.

File information

See the individual Knowledge Base articles that are listed in the “Additional information about this security update” section.

Registry key verification

Registry keys do not exist to validate the presence of these updates. Use WMI to detect the presence of these updates.

Windows Server 2012 and Windows Server 2012 R2 (all editions)

Reference table

The following table contains the security update information for this software.

Security update file name

For Microsoft .NET Framework 3.5 on Windows Server 2012:
Windows8-RT-KB3163246-x64.msu

For Microsoft .NET Framework 4.5.2 on Windows Server 2012:
Windows8-RT-KB3163250-x64.msu

For Microsoft .NET Framework 4.6/4.6.1 on Windows Server 2012:
Windows8-RT-KB3164023-x64.msu

For Microsoft .NET Framework 3.5 on Windows Server 2012 R2:
Windows8.1-KB3163247-x64.msu

For Microsoft .NET Framework 4.5.2 on Windows Server 2012 R2:
Windows8.1-KB3163291-x64.msu

For Microsoft .NET Framework 4.6/4.6.1 on Windows Server 2012 R2:
Windows8.1-KB3164024-x64.msu

Installation switches

See Microsoft Knowledge Base Article 2844699

Restart requirement

This update does not require a restart. The installer stops the required services, applies the update, and then restarts the services. However, if the required services cannot be stopped for any reason, or if required files are being used, this update will require a restart. If this behavior occurs, a message appears that advises you to restart.

Removal information

Click Control Panel, click Security, click View installed updates under Windows Update, and then select from the list of updates.

File information

See the individual Knowledge Base articles that are listed in the “Additional information about this security update” section.

Registry key verification

Registry keys do not exist to validate the presence of these updates. Use WMI to detect the presence of these updates.
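
The "Registry key verification" sections above name two checks: the ThisVersionInstalled registry value for KB3163251 and KB3164025, and WMI for the .msu packages. The following PowerShell script is an added example, not part of the original article, that runs both checks on one machine; the function name Test-RegistryUpdate and the variable names are illustrative, and the KB numbers and registry path are the ones listed in this article.

```powershell
# Added example: verify MS16-091 installation with the two methods the article names.
# KB numbers and the registry path come from the article; helper names are illustrative.

# Updates the article verifies through a "ThisVersionInstalled" registry value.
$RegistryKbs = 'KB3163251', 'KB3164025'

# Updates the article says have no registry key and must be detected through WMI.
$WmiKbs = 'KB3163244', 'KB3163245', 'KB3163246', 'KB3163247',
          'KB3163250', 'KB3163291', 'KB3164023', 'KB3164024'

function Test-RegistryUpdate {
    param([string]$Kb)
    $root = 'HKLM:\SOFTWARE\Microsoft\Updates'
    if (-not (Test-Path -LiteralPath $root)) { return $false }
    # The product subkey is "Microsoft .NET Framework [.NET target version]" and varies
    # per machine, so enumerate the matching product keys instead of hard-coding one.
    $products = Get-ChildItem -LiteralPath $root -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -like 'Microsoft .NET Framework*' }
    foreach ($product in $products) {
        $kbKey = Join-Path (Join-Path $root $product.PSChildName) $Kb
        if (Test-Path -LiteralPath $kbKey) {
            $props = Get-ItemProperty -LiteralPath $kbKey -ErrorAction SilentlyContinue
            if ($props.ThisVersionInstalled -eq 'Y') { return $true }
        }
    }
    return $false
}

# Get-HotFix reads the Win32_QuickFixEngineering WMI class; query it once and reuse.
$installedIds = @(Get-HotFix -ErrorAction SilentlyContinue |
    ForEach-Object { $_.HotFixID })

$report = @()
foreach ($kb in $RegistryKbs) {
    $report += New-Object PSObject -Property @{
        KB = $kb; Method = 'Registry'; Installed = (Test-RegistryUpdate -Kb $kb)
    }
}
foreach ($kb in $WmiKbs) {
    $report += New-Object PSObject -Property @{
        KB = $kb; Method = 'WMI'; Installed = ($installedIds -contains $kb)
    }
}

# Only the update that matches this machine's OS and .NET Framework version is
# expected to report True; every other row is False on a correctly patched system.
$report | Sort-Object KB | Select-Object KB, Method, Installed | Format-Table -AutoSize
```

Run it from an elevated Windows PowerShell prompt and compare the row reporting True against the file name table for the machine's operating system and .NET Framework version.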

Windows RT 8.1 (all editions)

Reference table

The following table contains the security update information for this software.

Deployment

The 3163291 update is available via Windows Update only.
The 3164024 update is available via Windows Update only.

Restart Requirement

A system restart is required after applying this security update.

Removal information

Click Control Panel, click Security, click View installed updates under Windows Update, and then select from the list of updates.

File Information

See the individual Knowledge Base articles that are listed in the “Additional information about this security update” section.

Windows 10 (all editions)

Reference table

The following table contains the security update information for this software.

Security update file name

For all supported 32-bit editions of Windows 10:
Windows10.0-KB3163912-x86.msu

For all supported x64-based editions of Windows 10:
Windows10.0-KB3163912-x64.msu

For all supported 32-bit editions of Windows 10 Version 1511:
Windows10.0-KB3172985-x86.msu

For all supported x64-based editions of Windows 10 Version 1511:
Windows10.0-KB3172985-x64.msu

Installation switches

For Microsoft .NET Framework, see Microsoft Knowledge Base Article 2844699

Restart requirement

Yes, you must restart your system after you apply this security update.

Removal information

Click Control Panel, click Security, click View installed updates under Windows Update, and then select from the list of updates.

File information

See Microsoft Knowledge Base Article 3163912
See Microsoft Knowledge Base Article 3172985

Registry key verification

Registry keys do not exist to validate the presence of these updates.


Help for installing updates: Support for Microsoft Update

Security solutions for IT professionals: TechNet Security Troubleshooting and Support

Help for protecting your Windows-based computer from viruses and malware: Virus Solution and Security Center

Local support according to your country: International Support

Applies to

This article applies to the following:

  • Microsoft .NET Framework 4.6 and 4.6.1 when used with:

    • Windows Server 2012 R2

    • Windows 8.1

    • Windows Server 2012

    • Windows Server 2008 R2 Service Pack 1

    • Windows 7 Service Pack 1

  • Microsoft .NET Framework 4.6 when used with:

    • Windows Server 2008 Service Pack 2

    • Windows Vista Service Pack 2

  • Microsoft .NET Framework 4.5.2 when used with:

    • Windows Server 2012 R2

    • Windows 8.1

    • Windows RT 8.1

    • Windows Server 2012

    • Windows Server 2008 R2 Service Pack 1

    • Windows 7 Service Pack 1

    • Windows Server 2008 Service Pack 2

    • Windows Vista Service Pack 2

  • Microsoft .NET Framework 3.5.1 when used with:

    • Windows Server 2008 R2 Service Pack 1

    • Windows 7 Service Pack 1

  • Microsoft .NET Framework 3.5 when used with:

    • Windows Server 2012 R2

    • Windows 8.1

    • Windows Server 2012

  • Microsoft .NET Framework 2.0 Service Pack 2 when used with:

    • Windows Server 2008 Service Pack 2

    • Windows Vista Service Pack 2
