Summary. This security update resolves a vulnerability in Microsoft .NET Framework that may cause an information disclosure that allows bypassing Cross-origin Resource Sharing (CORS) configurations.

IMPORTANT Starting on January 15, 2020, a full-screen notification will appear that describes the risk of continuing to use Windows 7 Service Pack 1 after it reaches end of support on January 14, 2020.The notification will remain on the screen until you interact with it. This notification will only appear on the following editions of Windows 7 Service Pack 1:

This article describes a General Distribution Release (GDR) update for the Microsoft .NET Framework 4. This update includes all the previous update packages in Microsoft Knowledge Base articles that are listed in the "Update replacement information" section.This update also resolves some issues that were not documented in a previously released Knowledge Base article.

Summary. This update automatically applies Safe OS Dynamic Update to the Windows Recovery Environment (WinRE) on a running PC to address a security vulnerability that could allow attackers to bypass BitLocker encryption by using WinRE. For more information, see CVE-2024-20666.

IMPORTANT Some customers who use Windows Server 2008 R2 SP1 and have activated their ESU multiple activation key (MAK) add-on before installing the January 14, 2020 updates might need to re-activate their key. Re-activation on the affected devices should only be required once. For information on activation, see this blog post.

View products that this article applies to. Summary. This December 13, 2016, Security and Quality Rollup for .NET Framework 4.6 for Windows Vista Service Pack 2 and Windows Server 2008 Service Pack 2, and .NET Framework 4.6 and 4.6.1 for Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1 includes cumulative .NET security updates and improvements in reliability in the .NET ...

How to obtain and install the update Method 1: Windows Update. This update is available through Windows Update. When you turn on automatic updating, this update will be downloaded and installed automatically.

Summary. This update resolves a vulnerability in Microsoft .NET Framework that could cause denial of service when .NET Framework and .NET core components process XML documents incorrectly.

Issues that are fixed in this update. The following issues are fixed for .NET Framework 4.7.2. SQL Server (SQL) Fixes an issue in which the .NET Framework API SqlConnection.ConnectionString property is used to set a null or empty connection string. In this situation, a Null Reference Exception (NRE) occurs when you use the API together with .NET Framework 4.7.2.

Enhanced Key Usage (EKU) is described in RFC 5280 in section 4.2.1.12: This extension indicates one or more purposes for which the certified public key may be used, in addition to or in place of the basic purposes that are indicated in the key usage extension.For example, a certificate that’s used for the authentication of a client to a server must be configured for Client Authentication.