A remote code execution vulnerability exists when Windows Azure Pack Web Sites does not check the length of a buffer before copying memory to it. To learn more about this vulnerability, go to CVE-2019-1372.
This Update Rollup 13.1 for Windows Azure Pack Web Sites version 2 includes a security update that addresses this vulnerability.
This update rollup replaces Update Rollup 13 for Windows Azure Pack Web Sites version 2 (the final feature update for Windows Azure Pack Web Sites V2), and also includes all the fixes that were included in Update Rollup 13.
We recommend that you review the information in this article and also in Update Rollup 13 for Windows Azure Pack Web Sites version 2 before you apply this update.
Note: Windows Azure Pack Web Sites V2 is now in Extended Support, as discussed at https://aka.ms/wapwebsiteslifecycle
Issues that are fixed in this update
Installation and upgrade instructions are documented in the Start the installation of Windows Azure Pack: Web Sites topic on the TechNet website. These instructions describe how to upgrade to Update Rollup 13.1 for Windows Azure Pack Web Sites version 2.
Notice that the installation and upgrade process changed significantly in Update Rollup 6. Therefore, please take the time to review the documentation.
There is additional guidance provided at this link to monitor the upgrade and to check the upgrade status.
Because of the changes that were made to the data stores in addition to the executable, this update cannot be rolled back.
How to obtain and install the update
Method 1: Microsoft Download Center
This update rollup is available for manual download and installation from the Microsoft Download Center.
File hash information
|File name||SHA1 hash||SHA256 hash|
The English (United States) version of this software update installs files that have the attributes that are listed in the following tables. The dates and the times for these files are listed in Coordinated Universal Time (UTC). The dates and the times for these files on your local computer are displayed in your local time together with your current daylight saving time (DST) bias. Additionally, the dates and the times may change when you perform certain operations on the files.
|File name||File size||Version|