To exploit the vulnerability, an attacker must provide a URL string to an application that tries to verify that the URL belongs to a specific host name or to a subdomain of that host name.

To get the stand-alone package for Windows 7 and Windows Server 2008 R2 for this update, go to the Microsoft Update Catalog. On your WSUS server, follow these steps: Click Start, click Administrative Tools, and then click Microsoft Windows Server Update Services 3.0. Expand ComputerName, and then click Action. Click Import Updates.

To learn more about the vulnerabilities, go to the following Common Vulnerabilities and Exposures (CVE). The following articles contain additional information about this update as it relates to individual product versions. This update is available through Windows Update.

To exploit the vulnerability, an attacker has to pass specific input to an application that uses susceptible .NET Framework methods. This security update addresses the vulnerability by correcting how .NET Framework validates input. To learn more about this vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2018-8540.

This security update resolves a vulnerability in the Microsoft .NET Framework that could allow remote code execution when Microsoft .NET Framework processes untrusted input. An attacker who successfully exploits this vulnerability by using the .NET Framework could take control of an affected system.

To exploit the vulnerability, an attacker would first have to convince the user to open a malicious document or application. This security update addresses the vulnerability by correcting how .NET Framework validates untrusted input. To learn more about this vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2018-8421.

On July 23, 2020, update KB4565616 v2 was released to replace v1 for .NET Framework 4.5.2 for Windows 7 SP1 and Windows Server 2008 R2 SP1 and Windows Server 2008 SP2. The v1 update did not install for customers who had certain ESU configurations. The v2 update corrects the issue for customers who could not install the v1 update.

To exploit the vulnerability, an attacker would have to pass specific input to an application through susceptible .NET Framework methods. This security update addresses the vulnerability by correcting how .NET Framework validates input. To learn more about this vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2018-8284.

Locate the .NET Framework packages that match the operating systems, languages, and processors in your environment. Select Add to add them to your basket.

To get the stand-alone package for this update, go to the Microsoft Update Catalog. On your WSUS server, follow these steps: Select Start, select Administrative Tools, and then select Microsoft Windows Server Update Services 3.0. Expand ComputerName, and then select Action. Select Import Updates.