Applies to:

Microsoft .NET Framework 3.5

Summary

A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file. An Authentication Bypass vulnerability exists in WCF and WIF, allowing signing of SAML tokens with arbitrary symmetric keys. This vulnerability allows an attacker to impersonate another user. The vulnerability exists in WCF, WIF 3.5 and above in .NET Framework, WIF 1.0 component in Windows, WIF Nuget package, and WIF implementation in Sharepoint. An information disclosure vulnerability exists when Exchange and Azure Active Directory allow creation of entities with Display Names having non-printable characters.

To learn more about the vulnerabilities, go to the following Common Vulnerabilities and Exposures (CVE).

Additional information about this update

The following articles contain additional information about this update as it relates to individual product versions.

  • 4507421 Description of the Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Server 2012 (KB4507421)

How to obtain and install the update

Method 1: Windows Update

This update is available through Windows Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to get security updates automatically, see Windows Update: FAQ.

Method 2: Microsoft Update Catalog

To get the standalone package for this update, go to the Microsoft Update Catalog.

Method 3: Windows Software Update Services (WSUS)

On your WSUS server, follow these steps:

  1. Select Start, select Administrative Tools, and then select Microsoft Windows Server Update Services 3.0.

  2. Expand ComputerName, and then select Action.

  3. Select Import Updates.

  4. WSUS opens a browser window in which you may be prompted to install an ActiveX control. You must install the ActiveX control to continue.

  5. After the ActiveX control is installed, you see the Microsoft Update Catalog screen. Type 4507421 into the Search box, and then select Search.

  6. Locate the .NET Framework packages that match the operating systems, languages, and processors in your environment. Select Add to add them to your basket.

  7. After you select all the packages that you require, select View Basket.

  8. To import the packages to your WSUS server, select Import.

  9. After the packages are imported, select Close to return to WSUS.

The updates are now available for installation through WSUS.

Update deployment information

For deployment details for this security update, go to the following article in the Microsoft Knowledge Base:

20190709 Security update deployment information: July 9, 2019

Update removal information

Note We do not recommend that you remove any security update. To remove this update, use the Programs and Features item in Control Panel.

Update restart information

This update does not require a system restart after you apply it unless files that are being updated are locked or are being used.

Update replacement information

This update replaces previously released updates 4499407 and 4503866.


File information
The English (United States) version of this software update installs files that have the attributes that are listed in the following tables.

Windows Server 2012 file information

Note: The MANIFEST files (.manifest) and MUM files (.mum) that are installed are not listed.

File information

File hash information

File name

SHA1 hash

SHA256 hash

Windows8-RT-KB4507002-x64.msu

CE3982337C95C0BC80291A835DB8F877C57BB32E

DE3D851F09A8B96B000BA4E71AAD751FBAA2859C3CA14777EE8163747188CBA2

For all supported x64-based versions

File name

File version

File size

Date

Time

Platform

SP requirement

Service branch

Big5.nlp

Not applicable

66,728

04-May-2018

19:43

Not applicable

None

Not applicable

Bopomofo.nlp

Not applicable

82,172

04-May-2018

19:43

Not applicable

None

Not applicable

Ksc.nlp

Not applicable

116,756

04-May-2018

19:43

Not applicable

None

Not applicable

Mscorlib.dll

2.0.50727.8806

4,575,232

29-Mar-2019

13:06

x64

None

Not applicable

Normidna.nlp

Not applicable

59,342

04-May-2018

19:43

Not applicable

None

Not applicable

Normnfc.nlp

Not applicable

45,794

04-May-2018

19:43

Not applicable

None

Not applicable

Normnfd.nlp

Not applicable

39,284

04-May-2018

19:43

Not applicable

None

Not applicable

Normnfkc.nlp

Not applicable

66,384

04-May-2018

19:43

Not applicable

None

Not applicable

Normnfkd.nlp

Not applicable

60,294

04-May-2018

19:43

Not applicable

None

Not applicable

Prc.nlp

Not applicable

83,748

04-May-2018

19:43

Not applicable

None

Not applicable

Prcp.nlp

Not applicable

83,748

04-May-2018

19:43

Not applicable

None

Not applicable

Sortkey.nlp

Not applicable

262,148

04-May-2018

19:43

Not applicable

None

Not applicable

Sorttbls.nlp

Not applicable

20,320

04-May-2018

19:43

Not applicable

None

Not applicable

Xjis.nlp

Not applicable

28,288

04-May-2018

19:43

Not applicable

None

Not applicable

Aspnet_wp.exe

2.0.50727.8762

43,160

07-Apr-2017

13:09

x64

SPN

AMD64_NETFX-ASP

Mscordacwks.dll

2.0.50727.8806

1,757,336

29-Mar-2019

13:06

x64

None

Not applicable

Mscorsvc.dll

2.0.50727.8793

495,232

24-Jul-2018

15:10

x64

None

Not applicable

Mscorwks.dll

2.0.50727.8806

10,007,192

29-Mar-2019

13:06

x64

None

Not applicable

Sos.dll

2.0.50727.8806

486,040

29-Mar-2019

13:06

x64

None

Not applicable

System.data.sqlxml.dll

2.0.50727.8773

745,472

01-Dec-2017

13:13

x86

None

Not applicable

System.management.dll

2.0.50727.8766

389,120

12-Jul-2017

13:09

x86

None

Not applicable

System.runtime.remoting.dll

2.0.50727.8771

307,200

31-Aug-2017

13:09

x86

None

Not applicable

System.security.dll

2.0.50727.8784

274,432

27-Mar-2018

17:37

x86

None

Not applicable

System.web.regularexpressions.dll

2.0.50727.8762

98,304

07-Apr-2017

13:09

x86

None

Not applicable

System.xml.dll

2.0.50727.8773

2,056,192

01-Dec-2017

13:13

x86

None

Not applicable

System.dll

2.0.50727.8806

3,211,264

29-Mar-2019

13:06

x86

None

Not applicable

Webengine.dll

2.0.50727.8762

746,648

07-Apr-2017

13:09

x64

None

Not applicable

Wminet_utils.dll

2.0.50727.8766

140,960

12-Jul-2017

13:09

x64

None

Not applicable

System.web.extensions.dll

3.5.30729.8814

1,282,048

02-Nov-2018

13:06

x86

None

Not applicable

Presentationcore.dll

3.0.6920.8773

4,006,400

29-Mar-2017

13:09

x64

None

Not applicable

Presentationfontcache.exe.config

Not applicable

161

06-Jul-2012

20:06

Not applicable

None

Not applicable

Wpfgfx_v0300.dll

3.0.6920.8773

2,256,032

29-Mar-2017

13:09

x64

None

Not applicable

System.data.dll

2.0.50727.8762

3,150,336

06-Apr-2017

20:26

x64

None

Not applicable

System.printing.dll

3.0.6920.8773

358,400

29-Mar-2017

13:09

x64

None

Not applicable

System.web.dll

2.0.50727.8762

5,296,128

07-Apr-2017

13:09

x64

None

Not applicable

Servicemonikersupport.dll

3.0.4506.8831

29,968

03-Jul-2019

22:15

x64

None

Not applicable

Smdiagnostics.dll

3.0.4506.8831

94,208

03-Jul-2019

22:15

x86

None

Not applicable

Smsvchost.exe

3.0.4506.8831

127,272

03-Jul-2019

22:15

x86

None

Not applicable

System.identitymodel.dll

3.0.4506.8831

405,504

03-Jul-2019

22:15

x86

None

Not applicable

System.runtime.serialization.dll

3.0.4506.8831

847,872

03-Jul-2019

22:15

x86

None

Not applicable

System.runtime.serialization.dll

3.0.4506.8831

847,872

03-Jul-2019

22:15

x86

None

Not applicable

System.servicemodel.dll

3.0.4506.8831

5,337,088

03-Jul-2019

22:15

x86

None

Not applicable

System.servicemodel.washosting.dll

3.0.4506.8831

32,768

03-Jul-2019

22:15

x86

None

Not applicable

System.servicemodel.dll

3.0.4506.8831

5,337,088

03-Jul-2019

22:15

x86

None

Not applicable

Penimc.dll

3.0.6920.8773

85,648

29-Mar-2017

13:09

x64

None

Not applicable

Presentationframework.dll

3.0.6920.8773

4,640,768

29-Mar-2017

13:09

x86

None

Not applicable

Presentationhostdll.dll

3.0.6920.8773

172,208

29-Mar-2017

13:09

x64

None

Not applicable

Reachframework.dll

3.0.6920.8773

532,480

29-Mar-2017

13:09

x86

None

Not applicable

Windowsbase.dll

3.0.6920.8773

1,118,208

29-Mar-2017

13:09

x86

None

Not applicable

System.workflow.activities.dll

3.0.4203.8826

1,060,864

11-Jun-2019

16:30

x86

None

Not applicable

System.workflow.componentmodel.dll

3.0.4203.8826

1,527,808

11-Jun-2019

16:30

x86

None

Not applicable

System.workflow.runtime.dll

3.0.4203.8826

454,656

11-Jun-2019

16:30

x86

None

Not applicable

Presentationframework.dll

3.0.6920.8773

5,283,840

29-Mar-2017

13:09

x86

None

Not applicable

Reachframework.dll

3.0.6920.8773

532,480

29-Mar-2017

13:09

x86

None

Not applicable

Smdiagnostics.dll

3.0.4506.8831

110,592

03-Jul-2019

22:14

x86

None

Not applicable

Smsvchost.exe

3.0.4506.8831

139,560

03-Jul-2019

22:14

x86

None

Not applicable

System.data.sqlxml.dll

2.0.50727.8773

745,472

01-Dec-2017

13:05

x86

None

Not applicable

System.identitymodel.dll

3.0.4506.8831

446,464

03-Jul-2019

22:14

x86

None

Not applicable

System.management.dll

2.0.50727.8766

389,120

12-Jul-2017

13:09

x86

None

Not applicable

System.runtime.remoting.dll

2.0.50727.8771

307,200

31-Aug-2017

13:08

x86

None

Not applicable

System.runtime.serialization.dll

3.0.4506.8831

970,752

03-Jul-2019

22:14

x86

None

Not applicable

System.runtime.serialization.dll

3.0.4506.8831

970,752

03-Jul-2019

22:14

x86

None

Not applicable

System.security.dll

2.0.50727.8784

274,432

27-Mar-2018

17:37

x86

None

Not applicable

System.servicemodel.dll

3.0.4506.8831

5,996,544

03-Jul-2019

22:14

x86

None

Not applicable

System.servicemodel.washosting.dll

3.0.4506.8831

32,768

03-Jul-2019

22:14

x86

None

Not applicable

System.servicemodel.dll

3.0.4506.8831

5,996,544

03-Jul-2019

22:14

x86

None

Not applicable

System.web.extensions.dll

3.5.30729.8814

1,282,048

02-Nov-2018

13:06

x86

None

Not applicable

System.web.regularexpressions.dll

2.0.50727.8762

98,304

07-Apr-2017

13:09

x86

None

Not applicable

System.workflow.activities.dll

3.0.4203.8826

1,142,784

11-Jun-2019

16:30

x86

None

Not applicable

System.workflow.componentmodel.dll

3.0.4203.8826

1,634,304

11-Jun-2019

16:30

x86

None

Not applicable

System.workflow.runtime.dll

3.0.4203.8826

540,672

11-Jun-2019

16:30

x86

None

Not applicable

System.xml.dll

2.0.50727.8773

2,056,192

01-Dec-2017

13:05

x86

None

Not applicable

System.dll

2.0.50727.8806

3,211,264

02-Apr-2019

19:25

x86

None

Not applicable

Windowsbase.dll

3.0.6920.8773

1,257,472

29-Mar-2017

13:09

x86

None

Not applicable

Big5.nlp

Not applicable

66,728

15-Nov-2017

00:49

Not applicable

None

Not applicable

Bopomofo.nlp

Not applicable

82,172

15-Nov-2017

00:49

Not applicable

None

Not applicable

Ksc.nlp

Not applicable

116,756

15-Nov-2017

00:49

Not applicable

None

Not applicable

Mscorlib.dll

2.0.50727.8806

4,558,848

02-Apr-2019

19:25

x86

None

Not applicable

Normidna.nlp

Not applicable

59,342

15-Nov-2017

00:49

Not applicable

None

Not applicable

Normnfc.nlp

Not applicable

45,794

15-Nov-2017

00:49

Not applicable

None

Not applicable

Normnfd.nlp

Not applicable

39,284

15-Nov-2017

00:49

Not applicable

None

Not applicable

Normnfkc.nlp

Not applicable

66,384

15-Nov-2017

00:49

Not applicable

None

Not applicable

Normnfkd.nlp

Not applicable

60,294

15-Nov-2017

00:49

Not applicable

None

Not applicable

Prc.nlp

Not applicable

83,748

15-Nov-2017

00:49

Not applicable

None

Not applicable

Prcp.nlp

Not applicable

83,748

15-Nov-2017

00:49

Not applicable

None

Not applicable

Sortkey.nlp

Not applicable

262,148

15-Nov-2017

00:49

Not applicable

None

Not applicable

Sorttbls.nlp

Not applicable

20,320

15-Nov-2017

00:49

Not applicable

None

Not applicable

Xjis.nlp

Not applicable

28,288

15-Nov-2017

00:49

Not applicable

None

Not applicable

Aspnet_wp.exe

2.0.50727.8762

31,384

07-Apr-2017

13:09

x86

SPN

X86_NETFX-ASP

Mscordacwks.dll

2.0.50727.8806

990,360

02-Apr-2019

19:25

x86

None

Not applicable

Mscorsvc.dll

2.0.50727.8793

231,992

24-Jul-2018

15:10

x86

None

Not applicable

Mscorwks.dll

2.0.50727.8806

5,947,032

02-Apr-2019

19:25

x86

None

Not applicable

Sos.dll

2.0.50727.8806

389,784

02-Apr-2019

19:25

x86

None

Not applicable

Webengine.dll

2.0.50727.8762

437,400

07-Apr-2017

13:09

x86

None

Not applicable

Wminet_utils.dll

2.0.50727.8766

116,896

12-Jul-2017

13:09

x86

None

Not applicable

System.web.extensions.dll

3.5.30729.8814

1,282,048

02-Nov-2018

13:06

x86

None

Not applicable

Presentationcore.dll

3.0.6920.8773

4,222,976

29-Mar-2017

13:09

x86

None

Not applicable

Presentationfontcache.exe.config

Not applicable

161

06-Jul-2012

20:04

Not applicable

None

Not applicable

Wpfgfx_v0300.dll

3.0.6920.8773

1,737,888

29-Mar-2017

13:09

x86

None

Not applicable

System.data.dll

2.0.50727.8762

2,975,744

06-Apr-2017

20:26

x86

None

Not applicable

System.printing.dll

3.0.6920.8773

372,736

29-Mar-2017

13:09

x86

None

Not applicable

System.web.dll

2.0.50727.8762

5,287,936

07-Apr-2017

13:09

x86

None

Not applicable

Servicemonikersupport.dll

3.0.4506.8831

27,920

03-Jul-2019

22:14

x86

None

Not applicable

System.identitymodel.dll

3.0.4506.8831

446,464

03-Jul-2019

22:14

x86

None

Not applicable

System.runtime.serialization.dll

3.0.4506.8831

970,752

03-Jul-2019

22:14

x86

None

Not applicable

System.servicemodel.dll

3.0.4506.8831

5,996,544

03-Jul-2019

22:14

x86

None

Not applicable

Penimc.dll

3.0.6920.8773

68,752

29-Mar-2017

13:09

x86

None

Not applicable

Presentationframework.dll

3.0.6920.8773

5,283,840

29-Mar-2017

13:09

x86

None

Not applicable

Presentationhostdll.dll

3.0.6920.8773

131,248

29-Mar-2017

13:09

x86

None

Not applicable

Reachframework.dll

3.0.6920.8773

532,480

29-Mar-2017

13:09

x86

None

Not applicable

Windowsbase.dll

3.0.6920.8773

1,257,472

29-Mar-2017

13:09

x86

None

Not applicable

System.workflow.activities.dll

3.0.4203.8826

1,142,784

11-Jun-2019

16:30

x86

None

Not applicable

System.workflow.componentmodel.dll

3.0.4203.8826

1,634,304

11-Jun-2019

16:30

x86

None

Not applicable

System.workflow.runtime.dll

3.0.4203.8826

540,672

11-Jun-2019

16:30

x86

None

Not applicable

Information about protection and security

Need more help?

Expand your skills
Explore Training
Get new features first
Join Microsoft Insiders

Was this information helpful?

What affected your experience?

Thank you for your feedback!

×