Customers who attempt to pre-install updates to .NET Framework 3.5 to offline images that do not contain the .NET Framework 3.5 product enabled will expose these systems to failures to enable .NET Framework 3.5 after the systems are online.

An attacker who successfully exploits this vulnerability could use it to bypass security logic that's intended to make sure that a user-provided URL belonged to a specific host name or a subdomain of that host name. This could be used to cause privileged communication to be made to an untrusted service as if it were a trusted service.

All updates for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, and 4.7.2 require that the d3dcompiler_47.dll update is installed. We recommend that you install the included d3dcompiler_47.dll update before you apply this update. For more information about the d3dcompiler_47.dll, see KB 4019990.

This article applies to the following: Microsoft .NET Framework 4.6, 4.6.1, 4.6.2, 4.7 and 4.7.1 when used with: Windows Server 2012. Resolves a security feature bypass vulnerability and a denial of service vulnerability in .NET Framework and .NET core components.

Summary. This security update resolves a vulnerability in Microsoft .NET Framework that may cause an information disclosure that allows bypassing Cross-origin Resource Sharing (CORS) configurations. An attacker who successfully exploits the vulnerability could retrieve from a web application content that's normally restricted.

This security update resolves a vulnerability in Microsoft .NET Framework that may cause an information disclosure that allows bypassing Cross-origin Resource Sharing (CORS) configurations.

This security update addresses the vulnerability by correcting how .NET Framework checks the source markup of a file. To learn more about this vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2019-0613. A vulnerability in certain .NET Framework APIs that parse URLs.

This security update addresses the vulnerability by correcting how .NET Framework checks the source markup of a file. To learn more about this vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2019-0613. A vulnerability in certain .NET Framework APIs that parse URLs.

This security update addresses the vulnerability by correcting how the .NET Framework validates untrusted input. To learn more about this vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2017-8759. Important.

October 8, 2024. Version: .NET Framework 3.5 and 4.8.1. The October 8, 2024 update for Windows 11, version 24H2 includes security and cumulative reliability improvements in .NET Framework 3.5 and 4.8.1. We recommend that you apply this update as part of your regular maintenance routines.