Update Rollup 13.1 for Windows Azure Pack Web Sites version 2

Applies to: Windows Azure Pack

Summary


A remote code execution vulnerability exists when Windows Azure Pack Web Sites does not check the length of a buffer before copying memory to it. To learn more about this vulnerability, go to CVE-2019-1372.

This Update Rollup 13.1 for Windows Azure Pack Web Sites version 2 includes a security update that addresses this vulnerability.

This update rollup replaces Update Rollup 13 for Windows Azure Pack Web Sites version 2 (the final feature update for Windows Azure Pack Web Sites V2), and also includes all the fixes that were included in Update Rollup 13.

We recommend that you review the information in this article and also in Update Rollup 13 for Windows Azure Pack Web Sites version 2 before you apply this update.

Note: Windows Azure Pack Web Sites V2 is now in Extended Support, as discussed at https://aka.ms/wapwebsiteslifecycle

Issues that are fixed in this update


This update fixes the following issues:

  • Issue 1: Provides mitigation for the vulnerability discussed in CVE-2019-1372.  

Installation instructions


    Installation and upgrade instructions are documented in the Start the installation of Windows Azure Pack: Web Sites topic on the TechNet website. These instructions describe how to upgrade to Update Rollup 13.1 for Windows Azure Pack Web Sites version 2.  

    Notice that the installation and upgrade process changed significantly in Update Rollup 6. Therefore, please take the time to review the documentation. 

    There is additional guidance provided at this link to monitor the upgrade and to check the upgrade status.  

    Because of the changes that were made to the data stores in addition to the executable, this update cannot be rolled back. 

    How to obtain and install the update


    Method 1: Microsoft Download Center

    This update rollup is available for manual download and installation from the Microsoft Download Center.

    Download the Windows Azure Pack update package (Download Center)

    More information


    File hash information

    File name SHA1 hash SHA256 hash
    Websites.exe 5D29DCA9FDF7B085A3876FA73D51A3A322636D1E C2E89C562A41A170041C5F34E3E60C0C15AC6838ABBB19964E08450DA834D790

     

    File information

    The English (United States) version of this software update installs files that have the attributes that are listed in the following tables. The dates and the times for these files are listed in Coordinated Universal Time (UTC). The dates and the times for these files on your local computer are displayed in your local time together with your current daylight saving time (DST) bias. Additionally, the dates and the times may change when you perform certain operations on the files.

    File name File size Version
    Websites.exe 4,354,048 bytes 59.1.27.0