Description of the Security and Quality Rollup for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, and 4.7.1 for Windows 7 SP1 and Server 2008 R2 SP1 (KB 4074880)

A következőkre vonatkozik: .NET Framework 4.7.1.NET Framework 4.7.NET Framework 4.6.2

Summary


This security update resolves a security feature bypass vulnerability that exists when Microsoft .NET Framework and .NET Core components do not completely validate certificates. This security update addresses the vulnerability by helping to make sure that .NET Framework and .NET Core components completely validate certificates. To learn more about this vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2018-0786.

Additionally, this security update resolves a denial of service vulnerability that exists when .NET Framework and .NET Core components process XML documents incorrectly. This update addresses the vulnerability by correcting how .NET Framework and .NET Core component applications handle XML document processing. To learn more about this vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2018-0764.

Important

  • All updates for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, and 4.7.1 require the d3dcompiler_47.dll to be installed. We recommend that you install the included d3dcompiler_47.dll before you apply this update. For more information about the d3dcompiler_47.dll, see KB 4019990.
  • If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. For more information, see Add language packs to Windows.

Additional information about this security update


Enhanced Key Usage (EKU) is described in RFC 5280 in section 4.2.1.12. This extension indicates one or more purposes for which the certified public key may be used, in addition to or instead of the basic purposes that are indicated in the key usage extension. For example, a certificate that is used for the authentication of a client to a server must be configured for Client Authentication. Similarly, a certificate that is used for the authentication of a server must be configured for Server Authentication. With this change, besides requiring the appropriate client/server EKU on certificates, if the root certificate is disabled, the certificate chain validation will fail.

When certificates are used for authentication, the authenticator examines the certificate that is provided by the remote endpoint and seeks the correct purpose object identifier in Application Policies extensions. When a certificate is used for client authentication, the object identifier for Client Authentication must be present in the EKU extensions of the certificate, or authentication fails. The object identifier for Client Authentication is 1.3.6.1.5.5.7.3.2. Likewise, when a certificate is used for server authentication, the object identifier for Server Authentication must be present in the EKU extensions of the certificate, or authentication fails. The object identifier for Server Authentication is 1.3.6.1.5.5.7.3.1. Certificates that have no EKU extension continue to authenticate correctly.

First, consider making changes to your component’s certificates to make sure that they are using the correct EKU OID attributes and are secured correctly. If you temporarily cannot access correctly reissued certificates, you can choose to opt in or out of the security change to avoid any connectivity effects. To do this, specify the following appsetting in the configuration file:

<appSettings>    <add key="wcf:useLegacyCertificateUsagePolicy" value="true" /></appSettings>

Note Setting the value to “true” will opt out of the security changes.

  • For more information about this security update as it relates to Windows 7 SP1 and Windows Server 2008 R2 SP1, see the following article in the Microsoft Knowledge Base:

    4055532 Security and Quality Rollup for the .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, and 4.7.1 updates for Windows 7 SP1 and Server 2008 R2 SP1 (KB 4055532)

How to obtain and install the update


Method 1: Windows Update

This update is available through Windows Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to get security updates automatically, see Windows Update: FAQ.
 

Method 2: Windows Software Update Services (WSUS)

On your WSUS server, follow these steps:

  1. Click Start, click Administrative Tools, and then click Microsoft Windows Server Update Services 3.0.
  2. Expand ComputerName, and then click Action.
  3. Click Import Updates.
  4. WSUS opens a browser window in which you may be prompted to install an ActiveX control. You must install the ActiveX control to continue.
  5. The Microsoft Update Catalog screen opens. Enter 4055532 into the Search box, and then click Search.
  6. Locate the .NET Framework packages that match the operating systems, languages, and processors in your environment. Click Add to add them to your basket.
  7. After you select all the packages that you require, click View Basket.
  8. Click Import to import the packages to your WSUS server.
  9. To return to WSUS, click Close after the packages are imported.

The updates are now available for installation through WSUS.

Update deployment information

For deployment details for this security update, go to the following article in the Microsoft Knowledge Base:

20180109 Security update deployment information: January 9, 2018

Update removal information

Note We do not recommend that you remove any security update. To remove this update, use the Programs and Features item in Control Panel.

Update restart information

This update does not require a system restart after you apply it unless files that are being updated are locked or are being used.

Update replacement information

This update replaces previously released updates KB 4049019 and KB 4041086.

File information


File name SHA1 hash SHA256 hash
NDP47-KB4074880-x64.exe 7614E045D68CF219949917B18194B0BC8EE2B007 3C8C24A399A00CDAEA369A79622D9FC198EDA0D7E372828C7B22165C8A850015
NDP47-KB4074880-x86.exe 3B871776F1918A0BC83F51BB2C5AC0366B18F08B 14883E19073A3C9D5EC56C50C7EEF4B20F72448458F0A1207A244CC1D969121C

File attributes

The English (United States) version of this hotfix installs files that have the attributes that are listed in the following tables. The dates and the times for these files are listed in Coordinated Universal Time (UTC). The dates and the times for these files on your local computer are displayed in your local time together with your current daylight saving time (DST) bias. Additionally, the dates and the times may change when you perform certain operations on the files.

For all x86-based versions of systems

File name File version File size Date Time
Aspnet_perf.dll 4.7.2117.0 42,648 12-Jan-2018 02:30
aspnet_wp.exe 4.7.2117.0 46,176 12-Jan-2018 02:30
clr.dll 4.7.2117.0 7,221,880 12-Jan-2018 02:30
clrjit.dll 4.7.2117.0 522,888 12-Jan-2018 02:30
dfdll.dll 4.7.2117.0 159,872 12-Jan-2018 02:30
GlobalUserInterface.CompositeFont   182,000

18-Oct-2017

02:32
mscordacwks.dll 4.7.2117.0 1,341,080 12-Jan-2018 02:30
mscordbi.dll 4.7.2117.0 1,164,944 12-Jan-2018 02:30
mscoreei.dll 4.7.2117.0 511,632 12-Jan-2018 02:30
mscorlib.dll 4.7.2117.0 5,614,224 12-Jan-2018 02:30
msvcp120_clr0400.dll 12.0.52519.0 485,576 12-Jan-2018 02:32
msvcr120_clr0400.dll 12.0.52519.0 987,840 12-Jan-2018 02:32
VsVersion.dll 14.7.2563.0 19,096 12-Jan-2018 02:32
peverify.dll 4.7.2117.0 188,560 12-Jan-2018 02:30
PresentationCore.dll 4.7.2563.0 3,630,416 12-Jan-2018 02:32
PresentationFramework.dll 4.7.2563.0 6,210,912 12-Jan-2018 02:32
PresentationHost_v0400.dll 4.7.2563.0 197,320 12-Jan-2018 02:32
PresentationHost_v0400.dll.mui 4.7.2563.0 84,696 12-Jan-2018 02:32
PresentationNative_v0400.dll 4.7.2563.0 827,088 12-Jan-2018 02:32
ServiceMonikerSupport.dll 4.7.2612.0 29,376 12-Jan-2018 02:30
SMDiagnostics.dll 4.7.2612.0 73,376 12-Jan-2018 02:30
SOS.dll 4.7.2117.0 743,544 12-Jan-2018 02:30
System.Activities.dll 4.7.2612.0 1,532,600 12-Jan-2018 02:30
System.ComponentModel.DataAnnotations.dll 4.7.2117.0 124,480 12-Jan-2018 02:30
System.Core.dll 4.7.2563.0 1,482,304 12-Jan-2018 02:32
System.Data.Entity.dll 4.7.2117.0 4,034,232 12-Jan-2018 02:30
System.IdentityModel.dll 4.7.2612.0 1,088,720 12-Jan-2018 02:30
System.IdentityModel.Services.dll 4.7.2612.0 198,368 12-Jan-2018 02:30
System.Runtime.Serialization.dll 4.7.2612.0 1,054,464 12-Jan-2018 02:30
System.ServiceModel.Channels.dll 4.7.2612.0 157,920 12-Jan-2018 02:30
System.ServiceModel.Discovery.dll 4.7.2612.0 308,448 12-Jan-2018 02:30
System.ServiceModel.dll 4.7.2612.0 6,315,712 12-Jan-2018 02:30
System.ServiceModel.Internals.dll 4.7.2612.0 253,696 12-Jan-2018 02:30
System.ServiceModel.Routing.dll 4.7.2117.0 130,776 12-Jan-2018 02:30
System.ServiceModel.WasHosting.dll 4.7.2612.0 39,656 12-Jan-2018 02:30
System.Web.ApplicationServices.dll 4.7.2117.0 70,920 12-Jan-2018 02:30
System.Web.Extensions.dll 4.7.2117.0 1,849,552 12-Jan-2018 02:30
System.Workflow.Activities.dll 4.7.2117.0 1,051,352 12-Jan-2018 02:30
System.Workflow.ComponentModel.dll 4.7.2117.0 1,541,864 12-Jan-2018 02:30
System.Workflow.Runtime.dll 4.7.2117.0 499,400 12-Jan-2018 02:30
System.Runtime.Caching.dll 4.7.2117.0 109,928 12-Jan-2018 02:30
System.Data.dll 4.7.2117.0 3,391,128 12-Jan-2018 02:30
System.Data.SqlXml.dll 4.7.2612.0 734,400 12-Jan-2018 02:30
System.Deployment.dll 4.7.2117.0 845,496 12-Jan-2018 02:30
System.DirectoryServices.Protocols.dll 4.7.2117.0 200,616 12-Jan-2018 02:30
System.dll 4.7.2117.0 3,525,376 12-Jan-2018 02:30
System.Drawing.dll 4.7.2117.0 599,344 12-Jan-2018 02:30
System.Management.dll 4.7.2117.0 415,416 12-Jan-2018 02:30
System.Runtime.Remoting.dll 4.7.2117.0 346,464 12-Jan-2018 02:30
System.Security.dll 4.7.2117.0 316,592 12-Jan-2018 02:30
System.Transactions.dll 4.7.2117.0 306,496 12-Jan-2018 02:30
System.Web.dll 4.7.2117.0 5,405,848 12-Jan-2018 02:30
System.Windows.Controls.Ribbon.dll 4.7.2563.0 742,632 12-Jan-2018 02:32
System.Windows.Forms.dll 4.7.2117.0 5,181,648 12-Jan-2018 02:30
System.Xaml.dll 4.7.2563.0 642,112 12-Jan-2018 02:32
System.Xml.dll 4.7.2612.0 2,670,224 12-Jan-2018 02:30
UIAutomationClient.dll 4.7.2563.0 178,000 12-Jan-2018 02:32
UIAutomationClientsideProviders.dll 4.7.2563.0 361,352 12-Jan-2018 02:32
UIAutomationProvider.dll 4.7.2563.0 48,992 12-Jan-2018 02:32
UIAutomationTypes.dll 4.7.2563.0 221,008 12-Jan-2018 02:32
webengine.dll 4.7.2117.0 24,720 12-Jan-2018 02:30
webengine4.dll 4.7.2117.0 550,040 12-Jan-2018 02:30
WindowsBase.dll 4.7.2563.0 1,289,528 12-Jan-2018 02:32
WMINet_Utils.dll 4.7.2117.0 136,344 12-Jan-2018 02:30
WorkflowServiceHostPerformanceCounters.dll 4.7.2117.0 88,464 12-Jan-2018 02:30
WPFFontCache_v0400.exe.mui 4.7.2563.0 19,144 12-Jan-2018 02:32
WPFFontCache_v0400.exe 4.7.2563.0 25,704 12-Jan-2018 02:32
wpfgfx_v0400.dll 4.7.2563.0 1,345,184 12-Jan-2018 02:32
Placeholder.dll 4.7.2563.0 24,728 12-Jan-2018 02:32
PenIMC2_v0400.dll 4.7.2563.0 82,080 12-Jan-2018 02:32

For all x64-based versions of systems

File name File version File size Date Time
Aspnet_perf.dll 4.7.2117.0 46,232 12-Jan-2018 02:30
Aspnet_perf.dll 4.7.2117.0 42,648 12-Jan-2018 02:30
aspnet_wp.exe 4.7.2117.0 50,784 12-Jan-2018 02:30
aspnet_wp.exe 4.7.2117.0 46,176 12-Jan-2018 02:30
clr.dll 4.7.2117.0 10,326,136 12-Jan-2018 02:30
clr.dll 4.7.2117.0 7,221,880 12-Jan-2018 02:30
clrjit.dll 4.7.2117.0 1,128,584 12-Jan-2018 02:30
clrjit.dll 4.7.2117.0 522,888 12-Jan-2018 02:30
compatjit.dll 4.7.2117.0 1,259,664 12-Jan-2018 02:30
dfdll.dll 4.7.2117.0 191,616 12-Jan-2018 02:30
dfdll.dll 4.7.2117.0 159,872 12-Jan-2018 02:30
GlobalUserInterface.CompositeFont   182,000

18-Oct-2017

02:32
mscordacwks.dll 4.7.2117.0 1,838,232 12-Jan-2018 02:30
mscordacwks.dll 4.7.2117.0 1,341,080 12-Jan-2018 02:30
mscordbi.dll 4.7.2117.0 1,618,576 12-Jan-2018 02:30
mscordbi.dll 4.7.2117.0 1,164,944 12-Jan-2018 02:30
mscoreei.dll 4.7.2117.0 636,048 12-Jan-2018 02:30
mscoreei.dll 4.7.2117.0 511,632 12-Jan-2018 02:30
mscorlib.dll 4.7.2117.0 5,401,736 12-Jan-2018 02:30
mscorlib.dll 4.7.2117.0 5,614,224 12-Jan-2018 02:30
msvcp120_clr0400.dll 12.0.52519.0 690,008 12-Jan-2018 02:51
msvcp120_clr0400.dll 12.0.52519.0 485,576 12-Jan-2018 02:32
msvcr120_clr0400.dll 12.0.52519.0 993,632 12-Jan-2018 02:51
msvcr120_clr0400.dll 12.0.52519.0 987,840 12-Jan-2018 02:32
VsVersion.dll 14.7.2563.0 19,096 12-Jan-2018 02:51
VsVersion.dll 14.7.2563.0 19,096 12-Jan-2018 02:32
peverify.dll 4.7.2117.0 260,240 12-Jan-2018 02:30
peverify.dll 4.7.2117.0 188,560 12-Jan-2018 02:30
PresentationCore.dll 4.7.2563.0 3,608,240 12-Jan-2018 02:51
PresentationCore.dll 4.7.2563.0 3,630,416 12-Jan-2018 02:32
PresentationFramework.dll 4.7.2563.0 6,210,912 12-Jan-2018 02:32
PresentationHost_v0400.dll 4.7.2563.0 252,104 12-Jan-2018 02:51
PresentationHost_v0400.dll.mui 4.7.2563.0 84,696 12-Jan-2018 02:51
PresentationHost_v0400.dll 4.7.2563.0 197,320 12-Jan-2018 02:32
PresentationHost_v0400.dll.mui 4.7.2563.0 84,696 12-Jan-2018 02:32
PresentationNative_v0400.dll 4.7.2563.0 1,109,712 12-Jan-2018 02:51
PresentationNative_v0400.dll 4.7.2563.0 827,088 12-Jan-2018 02:32
ServiceMonikerSupport.dll 4.7.2612.0 31,424 12-Jan-2018 02:30
ServiceMonikerSupport.dll 4.7.2612.0 29,376 12-Jan-2018 02:30
SMDiagnostics.dll 4.7.2612.0 73,376 12-Jan-2018 02:30
SOS.dll 4.7.2117.0 872,056 12-Jan-2018 02:30
SOS.dll 4.7.2117.0 743,544 12-Jan-2018 02:30
System.Activities.dll 4.7.2612.0 1,532,600 12-Jan-2018 02:30
System.ComponentModel.DataAnnotations.dll 4.7.2117.0 124,480 12-Jan-2018 02:30
System.Core.dll 4.7.2563.0 1,482,304 12-Jan-2018 02:32
System.Data.Entity.dll 4.7.2117.0 4,034,232 12-Jan-2018 02:30
System.IdentityModel.dll 4.7.2612.0 1,088,720 12-Jan-2018 02:30
System.IdentityModel.Services.dll 4.7.2612.0 198,368 12-Jan-2018 02:30
System.Runtime.Serialization.dll 4.7.2612.0 1,054,464 12-Jan-2018 02:30
System.ServiceModel.Channels.dll 4.7.2612.0 157,920 12-Jan-2018 02:30
System.ServiceModel.Discovery.dll 4.7.2612.0 308,448 12-Jan-2018 02:30
System.ServiceModel.dll 4.7.2612.0 6,315,712 12-Jan-2018 02:30
System.ServiceModel.Internals.dll 4.7.2612.0 253,696 12-Jan-2018 02:30
System.ServiceModel.Routing.dll 4.7.2117.0 130,776 12-Jan-2018 02:30
System.ServiceModel.WasHosting.dll 4.7.2612.0 39,656 12-Jan-2018 02:30
System.Web.ApplicationServices.dll 4.7.2117.0 70,920 12-Jan-2018 02:30
System.Web.Extensions.dll 4.7.2117.0 1,849,552 12-Jan-2018 02:30
System.Workflow.Activities.dll 4.7.2117.0 1,051,352 12-Jan-2018 02:30
System.Workflow.ComponentModel.dll 4.7.2117.0 1,541,864 12-Jan-2018 02:30
System.Workflow.Runtime.dll 4.7.2117.0 499,400 12-Jan-2018 02:30
System.Runtime.Caching.dll 4.7.2117.0 109,928 12-Jan-2018 02:30
System.Data.dll 4.7.2117.0 3,455,128 12-Jan-2018 02:30
System.Data.dll 4.7.2117.0 3,391,128 12-Jan-2018 02:30
System.Data.SqlXml.dll 4.7.2612.0 734,400 12-Jan-2018 02:30
System.Deployment.dll 4.7.2117.0 845,496 12-Jan-2018 02:30
System.DirectoryServices.Protocols.dll 4.7.2117.0 200,616 12-Jan-2018 02:30
System.dll 4.7.2117.0 3,525,376 12-Jan-2018 02:30
System.Drawing.dll 4.7.2117.0 599,344 12-Jan-2018 02:30
System.Management.dll 4.7.2117.0 415,416 12-Jan-2018 02:30
System.Runtime.Remoting.dll 4.7.2117.0 346,464 12-Jan-2018 02:30
System.Security.dll 4.7.2117.0 316,592 12-Jan-2018 02:30
System.Transactions.dll 4.7.2117.0 310,968 12-Jan-2018 02:30
System.Transactions.dll 4.7.2117.0 306,496 12-Jan-2018 02:30
System.Web.dll 4.7.2117.0 5,388,952 12-Jan-2018 02:30
System.Web.dll 4.7.2117.0 5,405,848 12-Jan-2018 02:30
System.Windows.Controls.Ribbon.dll 4.7.2563.0 742,632 12-Jan-2018 02:32
System.Windows.Forms.dll 4.7.2117.0 5,181,648 12-Jan-2018 02:30
System.Xaml.dll 4.7.2563.0 642,112 12-Jan-2018 02:32
System.XML.dll 4.7.2612.0 2,670,224 12-Jan-2018 02:30
UIAutomationClient.dll 4.7.2563.0 178,000 12-Jan-2018 02:32
UIAutomationClientsideProviders.dll 4.7.2563.0 361,352 12-Jan-2018 02:32
UIAutomationProvider.dll 4.7.2563.0 48,992 12-Jan-2018 02:32
UIAutomationTypes.dll 4.7.2563.0 221,008 12-Jan-2018 02:32
webengine.dll 4.7.2117.0 26,256 12-Jan-2018 02:30
webengine.dll 4.7.2117.0 24,720 12-Jan-2018 02:30
webengine4.dll 4.7.2117.0 667,800 12-Jan-2018 02:30
webengine4.dll 4.7.2117.0 550,040 12-Jan-2018 02:30
WindowsBase.dll 4.7.2563.0 1,289,528 12-Jan-2018 02:32
WMINet_Utils.dll 4.7.2117.0 188,064 12-Jan-2018 02:30
WMINet_Utils.dll 4.7.2117.0 136,344 12-Jan-2018 02:30
WorkflowServiceHostPerformanceCounters.dll 4.7.2117.0 100,240 12-Jan-2018 02:30
WorkflowServiceHostPerformanceCounters.dll 4.7.2117.0 88,464 12-Jan-2018 02:30
WPFFontCache_v0400.exe.mui 4.7.2563.0 19,144 12-Jan-2018 02:51
WPFFontCache_v0400.exe.mui 4.7.2563.0 19,144 12-Jan-2018 02:32
WPFFontCache_v0400.exe 4.7.2563.0 26,720 12-Jan-2018 02:51
WPFFontCache_v0400.exe 4.7.2563.0 25,704 12-Jan-2018 02:32
wpfgfx_v0400.dll 4.7.2563.0 1,764,000 12-Jan-2018 02:51
wpfgfx_v0400.dll 4.7.2563.0 1,345,184 12-Jan-2018 02:32
Placeholder.dll 4.7.2563.0 25,760 12-Jan-2018 02:51
Placeholder.dll 4.7.2563.0 24,728 12-Jan-2018 02:32
PenIMC2_v0400.dll 4.7.2563.0 98,464 12-Jan-2018 02:51
PenIMC2_v0400.dll 4.7.2563.0 82,080 12-Jan-2018 02:32

How to obtain help and support for this security update