This update is included in the Security and Quality Rollup that's dated October 10, 2023. Parts of this update were previously released in the rollup that's dated September 12, 2023. Summary

Summary. Quality Improvements. For a list of improvements that were released with this update, please see the article links in the Additional Information section of this article. Important. All updates for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, and 4.7.2 require that the d3dcompiler_47.dll update is installed.

This update is cumulative and contains all previously released security improvements. Quality and Reliability Improvements. For a list of improvements that were released with this update, please see the article links in the Additional Information section of this article.

Summary. Security Improvements. CVE-2023-36796 - .NET Framework Remote Code Execution Vulnerability. This security update addresses a vulnerability in DiaSymReader.dll when reading a corrupted PDB file which can lead to Remote Code Execution. For more information see CVE 2023-36796.

This security update addresses a denial of service vulnerability in .NET Framework. For more information please see CVE-2021-24111. Quality Improvements. For a list of improvements that were released with this update, please see the article links in the Additional Information section of this article. Important.

This security update addresses a vulnerability in bypass restrictions when deserializing a DataSet or DataTable from XML, leading to an elevation of privilege. For more information see CVE-2023-24936. CVE-2023-29331 - .NET Framework Denial of Service Vulnerability.

The April 9, 2024 update for Windows Server 2012 R2 includes cumulative security and reliability improvements in .NET Framework 3.5. We recommend that you apply this update as part of your regular maintenance routines.

Security Improvements. CVE-2023-24897 - .NET Framework Remote Code Execution Vulnerability. This security update addresses a vulnerability in the MSDIA SDK where corrupted PDBs can cause heap overflow, leading to a crash or remove code execution. For more information see CVE 2023-24897.

Summary. Security Improvements. There are no new security improvements in this release. This update is cumulative and contains all previously released security improvements. Quality and Reliability Improvements.

Security Improvements. CVE-2023-36560 – .NET Framework Security Feature Bypass Vulnerability. This security update addresses a security feature bypass vulnerability detailed in CVE-2023-36560. CVE-2023-36049 – .NET Framework Elevation of Privilege Vulnerability.