Applies to:

Microsoft .NET Framework 3.5

Summary

A remote code execution vulnerability exists in .NET Framework when the software fails to check the source markup of XML file input. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the process responsible for deserialization of the XML content. To exploit this vulnerability, an attacker could upload a specially crafted document to a server utilizing an affected product to process content. The security update addresses the vulnerability by correcting how .NET Framework validates the source markup of XML content.

This security update affects how .NET Framework's System.Data.DataTable and System.Data.DataSet types read XML-serialized data. Most .NET Framework applications will not experience any behavioral change after the update is installed. For more information on how the update affects .NET Framework, including examples of scenarios which may be affected, please see the DataTable and DataSet security guidance document at https://go.microsoft.com/fwlink/?linkid=2132227.

To learn more about the vulnerabilities, go to the following Common Vulnerabilities and Exposures (CVE).

Additional information about this update

The following articles contain additional information about this update as it relates to individual product versions.

  • 4566518 Description of the Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Server 2012 (KB4566518)

How to obtain and install the update

Before installing this update

Prerequisite:

To apply this update, you must have .NET Framework 3.5 installed.

Install this update

Release Channel

Available

Next Step

Windows Update and Microsoft Update

Yes

None. This update will be downloaded and installed automatically from Windows Update.

Microsoft Update Catalog

Yes

To get the standalone package for this update, go to the Microsoft Update Catalog website.

Windows Server Update Services (WSUS)

Yes

This update will automatically sync with WSUS if you configure Products and Classifications as follows:

Product:Windows Server 2012

Classification: Security Updates

Prerequisites

To apply this update, you must have .NET Framework 3.5 installed.

Restart requirement

You must restart the computer after you apply this update if any affected files are being used. We recommend that you exit all .NET Framework-based applications before you apply this update.

Update deployment information

For deployment details for this security update, go to the following article in the Microsoft Knowledge Base:

20200714 Security update deployment information: July 14, 2020

Update removal information

Note We do not recommend that you remove any security update. To remove this update, use the Programs and Features item in Control Panel.

Update restart information

This update does not require a system restart after you apply it unless files that are being updated are locked or are being used.

Update replacement information

This update replaces previously released updates 4535103, 4538157, and 4556400.

File information The English (United States) version of this software update installs files that have the attributes that are listed in the following tables.Windows Server 2012 file information

Note: The MANIFEST files (.manifest) and MUM files (.mum) that are installed are not listed.

File information

File hash information

File name

SHA1 hash

SHA256 hash

Windows8-RT-KB4565610-v2-x64.msu

B135C711044E18ADFE9BCEEFD6E1F5AAB8060561

03B7D5D4B8E2DC0F3A37B4CFD7F75AC5AC3F44EE2BCDA98607D02501FB00B2D7

For all supported x64-based versions

File name

File version

File size

Date

Time

Platform

SP requirement

Service branch

Big5.nlp

Not applicable

66,728

04-May-2018

19:43

Not applicable

None

Not applicable

Bopomofo.nlp

Not applicable

82,172

04-May-2018

19:43

Not applicable

None

Not applicable

Ksc.nlp

Not applicable

116,756

04-May-2018

19:43

Not applicable

None

Not applicable

Mscorlib.dll

2.0.50727.8813

4,575,232

27-Mar-2020

13:11

x64

None

Not applicable

Normidna.nlp

Not applicable

59,342

04-May-2018

19:43

Not applicable

None

Not applicable

Normnfc.nlp

Not applicable

45,794

04-May-2018

19:43

Not applicable

None

Not applicable

Normnfd.nlp

Not applicable

39,284

04-May-2018

19:43

Not applicable

None

Not applicable

Normnfkc.nlp

Not applicable

66,384

04-May-2018

19:43

Not applicable

None

Not applicable

Normnfkd.nlp

Not applicable

60,294

04-May-2018

19:43

Not applicable

None

Not applicable

Prc.nlp

Not applicable

83,748

04-May-2018

19:43

Not applicable

None

Not applicable

Prcp.nlp

Not applicable

83,748

04-May-2018

19:43

Not applicable

None

Not applicable

Sortkey.nlp

Not applicable

262,148

04-May-2018

19:43

Not applicable

None

Not applicable

Sorttbls.nlp

Not applicable

20,320

04-May-2018

19:43

Not applicable

None

Not applicable

Xjis.nlp

Not applicable

28,288

04-May-2018

19:43

Not applicable

None

Not applicable

Aspnet_wp.exe

2.0.50727.8762

43,160

07-Apr-2017

13:09

x64

SPN

AMD64_NETFX-ASP

Mscordacwks.dll

2.0.50727.8813

1,758,088

27-Mar-2020

13:11

x64

None

Not applicable

Mscorsvc.dll

2.0.50727.8793

495,232

24-Jul-2018

15:10

x64

None

Not applicable

Mscorwks.dll

2.0.50727.8813

10,011,528

27-Mar-2020

13:11

x64

None

Not applicable

Sos.dll

2.0.50727.8813

486,792

27-Mar-2020

13:11

x64

None

Not applicable

System.configuration.dll

2.0.50727.8949

430,080

19-Jun-2020

00:44

x86

None

Not applicable

System.data.sqlxml.dll

2.0.50727.8773

745,472

01-Dec-2017

13:13

x86

None

Not applicable

System.management.dll

2.0.50727.8766

389,120

12-Jul-2017

13:09

x86

None

Not applicable

System.runtime.remoting.dll

2.0.50727.8771

307,200

31-Aug-2017

13:09

x86

None

Not applicable

System.security.dll

2.0.50727.8784

274,432

27-Mar-2018

17:37

x86

None

Not applicable

System.web.regularexpressions.dll

2.0.50727.8762

98,304

07-Apr-2017

13:09

x86

None

Not applicable

System.xml.dll

2.0.50727.8773

2,056,192

01-Dec-2017

13:13

x86

None

Not applicable

System.dll

2.0.50727.8806

3,211,264

29-Mar-2019

13:06

x86

None

Not applicable

Webengine.dll

2.0.50727.8762

746,648

07-Apr-2017

13:09

x64

None

Not applicable

Wminet_utils.dll

2.0.50727.8766

140,960

12-Jul-2017

13:09

x64

None

Not applicable

System.web.extensions.dll

3.5.30729.8814

1,282,048

02-Nov-2018

13:06

x86

None

Not applicable

Presentationcore.dll

3.0.6920.8833

4,006,400

07-Dec-2019

02:06

x64

None

Not applicable

Presentationfontcache.exe.config

Not applicable

161

04-May-2018

19:43

Not applicable

None

Not applicable

Wpfgfx_v0300.dll

3.0.6920.8833

2,265,888

07-Dec-2019

02:06

x64

None

Not applicable

System.data.dll

2.0.50727.8949

3,158,016

19-Jun-2020

00:44

x64

None

Not applicable

System.printing.dll

3.0.6920.8833

358,400

07-Dec-2019

02:06

x64

None

Not applicable

System.web.dll

2.0.50727.8762

5,296,128

07-Apr-2017

13:09

x64

None

Not applicable

Servicemonikersupport.dll

3.0.4506.8841

30,192

27-Mar-2020

13:11

x64

None

Not applicable

Smdiagnostics.dll

3.0.4506.8841

94,208

27-Mar-2020

13:11

x86

None

Not applicable

Smsvchost.exe

3.0.4506.8841

127,488

27-Mar-2020

13:11

x86

None

Not applicable

System.identitymodel.dll

3.0.4506.8841

405,504

27-Mar-2020

13:11

x86

None

Not applicable

System.runtime.serialization.dll

3.0.4506.8841

847,872

27-Mar-2020

13:11

x86

None

Not applicable

System.runtime.serialization.dll

3.0.4506.8841

847,872

27-Mar-2020

13:11

x86

None

Not applicable

System.servicemodel.dll

3.0.4506.8841

5,337,088

27-Mar-2020

13:11

x86

None

Not applicable

System.servicemodel.washosting.dll

3.0.4506.8841

32,768

27-Mar-2020

13:11

x86

None

Not applicable

System.servicemodel.dll

3.0.4506.8841

5,337,088

27-Mar-2020

13:11

x86

None

Not applicable

Penimc.dll

3.0.6920.8833

95,728

07-Dec-2019

02:06

x64

None

Not applicable

Presentationframework.dll

3.0.6920.8833

4,648,960

07-Dec-2019

02:06

x86

None

Not applicable

Presentationhostdll.dll

3.0.6920.8833

182,048

07-Dec-2019

02:06

x64

None

Not applicable

Reachframework.dll

3.0.6920.8833

536,576

07-Dec-2019

02:06

x86

None

Not applicable

Windowsbase.dll

3.0.6920.8833

1,118,208

07-Dec-2019

02:06

x86

None

Not applicable

System.workflow.activities.dll

3.0.4203.8833

1,060,864

07-Dec-2019

02:06

x86

None

Not applicable

System.workflow.componentmodel.dll

3.0.4203.8833

1,531,904

07-Dec-2019

02:06

x86

None

Not applicable

System.workflow.runtime.dll

3.0.4203.8833

454,656

07-Dec-2019

02:06

x86

None

Not applicable

Presentationframework.dll

3.0.6920.8833

5,292,032

07-Dec-2019

02:06

x86

None

Not applicable

Reachframework.dll

3.0.6920.8833

536,576

07-Dec-2019

02:06

x86

None

Not applicable

Smdiagnostics.dll

3.0.4506.8841

110,592

27-Mar-2020

13:11

x86

None

Not applicable

Smsvchost.exe

3.0.4506.8841

139,568

27-Mar-2020

13:11

x86

None

Not applicable

System.configuration.dll

2.0.50727.8949

430,080

19-Jun-2020

00:43

x86

None

Not applicable

System.data.sqlxml.dll

2.0.50727.8773

745,472

01-Dec-2017

13:05

x86

None

Not applicable

System.identitymodel.dll

3.0.4506.8841

446,464

27-Mar-2020

13:11

x86

None

Not applicable

System.management.dll

2.0.50727.8766

389,120

12-Jul-2017

13:09

x86

None

Not applicable

System.runtime.remoting.dll

2.0.50727.8771

307,200

31-Aug-2017

13:08

x86

None

Not applicable

System.runtime.serialization.dll

3.0.4506.8841

970,752

27-Mar-2020

13:11

x86

None

Not applicable

System.runtime.serialization.dll

3.0.4506.8841

970,752

27-Mar-2020

13:11

x86

None

Not applicable

System.security.dll

2.0.50727.8784

274,432

27-Mar-2018

17:37

x86

None

Not applicable

System.servicemodel.dll

3.0.4506.8841

5,996,544

27-Mar-2020

13:11

x86

None

Not applicable

System.servicemodel.washosting.dll

3.0.4506.8841

32,768

27-Mar-2020

13:11

x86

None

Not applicable

System.servicemodel.dll

3.0.4506.8841

5,996,544

27-Mar-2020

13:11

x86

None

Not applicable

System.web.extensions.dll

3.5.30729.8814

1,282,048

02-Nov-2018

13:06

x86

None

Not applicable

System.web.regularexpressions.dll

2.0.50727.8762

98,304

07-Apr-2017

13:09

x86

None

Not applicable

System.workflow.activities.dll

3.0.4203.8833

1,142,784

07-Dec-2019

02:06

x86

None

Not applicable

System.workflow.componentmodel.dll

3.0.4203.8833

1,638,400

07-Dec-2019

02:06

x86

None

Not applicable

System.workflow.runtime.dll

3.0.4203.8833

540,672

07-Dec-2019

02:06

x86

None

Not applicable

System.xml.dll

2.0.50727.8773

2,056,192

01-Dec-2017

13:05

x86

None

Not applicable

System.dll

2.0.50727.8806

3,211,264

02-Apr-2019

19:25

x86

None

Not applicable

Windowsbase.dll

3.0.6920.8833

1,257,472

07-Dec-2019

02:06

x86

None

Not applicable

Big5.nlp

Not applicable

66,728

15-Nov-2017

00:49

Not applicable

None

Not applicable

Bopomofo.nlp

Not applicable

82,172

15-Nov-2017

00:49

Not applicable

None

Not applicable

Ksc.nlp

Not applicable

116,756

15-Nov-2017

00:49

Not applicable

None

Not applicable

Mscorlib.dll

2.0.50727.8813

4,558,848

27-Mar-2020

13:11

x86

None

Not applicable

Normidna.nlp

Not applicable

59,342

15-Nov-2017

00:49

Not applicable

None

Not applicable

Normnfc.nlp

Not applicable

45,794

15-Nov-2017

00:49

Not applicable

None

Not applicable

Normnfd.nlp

Not applicable

39,284

15-Nov-2017

00:49

Not applicable

None

Not applicable

Normnfkc.nlp

Not applicable

66,384

15-Nov-2017

00:49

Not applicable

None

Not applicable

Normnfkd.nlp

Not applicable

60,294

15-Nov-2017

00:49

Not applicable

None

Not applicable

Prc.nlp

Not applicable

83,748

15-Nov-2017

00:49

Not applicable

None

Not applicable

Prcp.nlp

Not applicable

83,748

15-Nov-2017

00:49

Not applicable

None

Not applicable

Sortkey.nlp

Not applicable

262,148

15-Nov-2017

00:49

Not applicable

None

Not applicable

Sorttbls.nlp

Not applicable

20,320

15-Nov-2017

00:49

Not applicable

None

Not applicable

Xjis.nlp

Not applicable

28,288

15-Nov-2017

00:49

Not applicable

None

Not applicable

Aspnet_wp.exe

2.0.50727.8762

31,384

07-Apr-2017

13:09

x86

SPN

X86_NETFX-ASP

Mscordacwks.dll

2.0.50727.8813

991,112

27-Mar-2020

13:11

x86

None

Not applicable

Mscorsvc.dll

2.0.50727.8793

231,992

24-Jul-2018

15:10

x86

None

Not applicable

Mscorwks.dll

2.0.50727.8813

5,949,832

27-Mar-2020

13:11

x86

None

Not applicable

Sos.dll

2.0.50727.8813

390,536

27-Mar-2020

13:11

x86

None

Not applicable

Webengine.dll

2.0.50727.8762

437,400

07-Apr-2017

13:09

x86

None

Not applicable

Wminet_utils.dll

2.0.50727.8766

116,896

12-Jul-2017

13:09

x86

None

Not applicable

System.web.extensions.dll

3.5.30729.8814

1,282,048

02-Nov-2018

13:06

x86

None

Not applicable

Presentationcore.dll

3.0.6920.8833

4,222,976

07-Dec-2019

02:06

x86

None

Not applicable

Presentationfontcache.exe.config

Not applicable

161

15-Nov-2017

00:51

Not applicable

None

Not applicable

Wpfgfx_v0300.dll

3.0.6920.8833

1,747,952

07-Dec-2019

02:06

x86

None

Not applicable

System.data.dll

2.0.50727.8949

2,983,424

19-Jun-2020

00:43

x86

None

Not applicable

System.printing.dll

3.0.6920.8833

372,736

07-Dec-2019

02:06

x86

None

Not applicable

System.web.dll

2.0.50727.8762

5,287,936

07-Apr-2017

13:09

x86

None

Not applicable

Servicemonikersupport.dll

3.0.4506.8841

28,152

27-Mar-2020

13:11

x86

None

Not applicable

System.identitymodel.dll

3.0.4506.8841

446,464

27-Mar-2020

13:11

x86

None

Not applicable

System.runtime.serialization.dll

3.0.4506.8841

970,752

27-Mar-2020

13:11

x86

None

Not applicable

System.servicemodel.dll

3.0.4506.8841

5,996,544

27-Mar-2020

13:11

x86

None

Not applicable

Penimc.dll

3.0.6920.8833

78,624

07-Dec-2019

02:06

x86

None

Not applicable

Presentationframework.dll

3.0.6920.8833

5,292,032

07-Dec-2019

02:06

x86

None

Not applicable

Presentationhostdll.dll

3.0.6920.8833

141,288

07-Dec-2019

02:06

x86

None

Not applicable

Reachframework.dll

3.0.6920.8833

536,576

07-Dec-2019

02:06

x86

None

Not applicable

Windowsbase.dll

3.0.6920.8833

1,257,472

07-Dec-2019

02:06

x86

None

Not applicable

System.workflow.activities.dll

3.0.4203.8833

1,142,784

07-Dec-2019

02:06

x86

None

Not applicable

System.workflow.componentmodel.dll

3.0.4203.8833

1,638,400

07-Dec-2019

02:06

x86

None

Not applicable

System.workflow.runtime.dll

3.0.4203.8833

540,672

07-Dec-2019

02:06

x86

None

Not applicable

Information about protection and security

Need more help?

Want more options?

Explore subscription benefits, browse training courses, learn how to secure your device, and more.

Communities help you ask and answer questions, give feedback, and hear from experts with rich knowledge.