Iniciar sesión con Microsoft
Iniciar sesión o crear una cuenta
Hola:
Seleccione una cuenta diferente.
Tiene varias cuentas
Elija la cuenta con la que desea iniciar sesión.
Inglés
Este artículo no está disponible en su idioma.

Applies to:

Microsoft .NET Framework 4.5.2

Summary

A remote code execution vulnerability exists in .NET Framework software when the software fails to check the source markup of a file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of .NET Framework. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. The security update addresses the vulnerability by correcting how .NET Framework checks the source markup of a file.

To learn more about the vulnerabilities, go to the following Common Vulnerabilities and Exposures (CVE).

A denial of service vulnerability exists when .NET Framework improperly handles web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against a .NET Framework web application. The vulnerability can be exploited remotely, without authentication. A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to the .NET Framework application. The update addresses the vulnerability by correcting how the .NET Framework web application handles web requests.

To learn more about the vulnerabilities, go to the following Common Vulnerabilities and Exposures (CVE).

Additional information about this update

The following articles contain additional information about this update as it relates to individual product versions.

  • 4556404 Description of the Security Only Update for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Server 2012 (KB4556404)

How to obtain and install the update

Method 1: Microsoft Update Catalog

To get the standalone package for this update, go to the Microsoft Update Catalog website.

Method 2: Windows Software Update Services (WSUS)

On your WSUS server, follow these steps:

  1. Select Start, select Administrative Tools, and then select Microsoft Windows Server Update Services 3.0.

  2. Expand ComputerName, and then select Action.

  3. Select Import Updates.

  4. WSUS opens a browser window in which you may be prompted to install an ActiveX control. You must install the ActiveX control to continue.

  5. After the ActiveX control is installed, you see the Microsoft Update Catalog screen. Type 4556404 into the Search box, and then select Search.

  6. Locate the .NET Framework packages that match the operating systems, languages, and processors in your environment. Select Add to add them to your basket.

  7. After you select all the packages that you require, select View Basket.

  8. To import the packages to your WSUS server, select Import.

  9. After the packages are imported, select Close to return to WSUS.

The updates are now available for installation through WSUS.

Prerequisites

To apply this update, you must have .NET Framework 4.5.2 installed.

Restart requirement

You must restart the computer after you apply this update if any affected files are being used. We recommend that you exit all .NET Framework-based applications before you apply this update.

Update deployment information

For deployment details for this security update, go to the following article in the Microsoft Knowledge Base:

20200512 Security update deployment information: May 12, 2020

Update removal information

Note We do not recommend that you remove any security update. To remove this update, use the Programs and Features item in Control Panel.

Update restart information

This update does not require a system restart after you apply it unless files that are being updated are locked or are being used.


File information
The English (United States) version of this software update installs files that have the attributes that are listed in the following tables.

Windows Server 2012 file information

Note: The MANIFEST files (.manifest) and MUM files (.mum) that are installed are not listed.

File information

File hash information

File name

SHA1 hash

SHA256 hash

Windows8-RT-KB4552968-x64.msu

4DBCF0D52043637B903D0BA25808238C4C175989

DE529D646A9707D0BB079E9448304260203D289B4C48035D600F108E8B87AAC0

For all supported x64-based versions

File name

File version

File size

Date

Time

Platform

Mscorlib.dll

4.0.30319.36627

5,222,688

28-Mar-2020

13:12

x64

Normidna.nlp

Not applicable

59,342

04-May-2018

19:43

Not applicable

Normnfc.nlp

Not applicable

47,076

04-May-2018

19:43

Not applicable

Normnfd.nlp

Not applicable

40,566

04-May-2018

19:43

Not applicable

Normnfkc.nlp

Not applicable

67,808

04-May-2018

19:43

Not applicable

Normnfkd.nlp

Not applicable

61,718

04-May-2018

19:43

Not applicable

Clrjit.dll

4.0.30319.36627

1,235,232

28-Mar-2020

13:12

x64

Clr.dll

4.0.30319.36627

10,071,328

28-Mar-2020

13:12

x64

Mscordacwks.dll

4.0.30319.36627

1,731,872

28-Mar-2020

13:12

x64

Mscordbi.dll

4.0.30319.36627

1,534,240

28-Mar-2020

13:12

x64

Msvcp120_clr0400.dll

12.0.52627.36627

679,200

28-Mar-2020

13:12

x64

Msvcr120_clr0400.dll

12.0.52627.36627

870,176

28-Mar-2020

13:12

x64

Penimc.dll

4.0.30319.36627

95,736

28-Mar-2020

13:12

x64

Peverify.dll

4.0.30319.36627

226,592

28-Mar-2020

13:12

x64

Presentationframework.dll

4.0.30319.36627

6,228,256

28-Mar-2020

13:12

x86

Presentationhost_v0400.dll.mui

4.0.30319.36627

85,496

28-Mar-2020

13:12

Not applicable

Presentationhost_v0400.dll

4.0.30319.36627

232,944

28-Mar-2020

13:12

x64

Presentationnative_v0400.dll

4.0.30319.36627

1,078,768

28-Mar-2020

13:12

x64

Servicemodel.mof

Not applicable

88,383

04-May-2018

19:43

Not applicable

Servicemodel.mof.uninstall

Not applicable

896

04-May-2018

19:43

Not applicable

Servicemonikersupport.dll

4.0.30319.36627

29,472

28-Mar-2020

13:12

x64

Smdiagnostics.dll

4.0.30319.36627

73,864

28-Mar-2020

13:12

x86

Sos.dll

4.0.30319.36627

823,792

28-Mar-2020

13:12

x64

System.activities.dll

4.0.30319.36627

1,583,248

28-Mar-2020

13:12

x86

System.core.dll

4.0.30319.36627

1,272,464

28-Mar-2020

13:12

x86

System.identitymodel.services.dll

4.0.30319.36627

200,480

28-Mar-2020

13:12

x86

System.identitymodel.dll

4.0.30319.36627

1,097,872

28-Mar-2020

13:12

x86

System.runtime.serialization.dll

4.0.30319.36627

1,060,496

28-Mar-2020

13:12

x86

System.servicemodel.channels.dll

4.0.30319.36627

160,024

28-Mar-2020

13:12

x86

System.servicemodel.discovery.dll

4.0.30319.36627

313,120

28-Mar-2020

13:12

x86

System.servicemodel.internals.dll

4.0.30319.36627

255,120

28-Mar-2020

13:12

x86

System.servicemodel.washosting.dll

4.0.30319.36627

40,432

28-Mar-2020

13:12

x86

System.servicemodel.dll

4.0.30319.36627

6,388,328

28-Mar-2020

13:12

x86

System.windows.controls.ribbon.dll

4.0.30319.36627

751,904

28-Mar-2020

13:12

x86

System.xaml.dll

4.0.30319.36627

641,408

28-Mar-2020

13:12

x86

Windowsbase.dll

4.0.30319.36627

1,242,392

28-Mar-2020

13:12

x86

Wpfgfx_v0400.dll

4.0.30319.36627

2,109,424

28-Mar-2020

13:12

x64

Presentationcore.dll

4.0.30319.36627

3,211,552

28-Mar-2020

13:12

x64

Presentationframework.dll

4.0.30319.36627

6,228,256

28-Mar-2020

13:13

x86

Smdiagnostics.dll

4.0.30319.36627

73,864

28-Mar-2020

13:12

x86

System.activities.dll

4.0.30319.36627

1,583,248

28-Mar-2020

13:13

x86

System.core.dll

4.0.30319.36627

1,272,464

28-Mar-2020

13:13

x86

System.identitymodel.services.dll

4.0.30319.36627

200,480

28-Mar-2020

13:13

x86

System.identitymodel.dll

4.0.30319.36627

1,097,872

28-Mar-2020

13:13

x86

System.runtime.serialization.dll

4.0.30319.36627

1,060,496

28-Mar-2020

13:13

x86

System.servicemodel.channels.dll

4.0.30319.36627

160,024

28-Mar-2020

13:13

x86

System.servicemodel.discovery.dll

4.0.30319.36627

313,120

28-Mar-2020

13:13

x86

System.servicemodel.internals.dll

4.0.30319.36627

255,120

28-Mar-2020

13:13

x86

System.servicemodel.washosting.dll

4.0.30319.36627

40,432

28-Mar-2020

13:13

x86

System.servicemodel.dll

4.0.30319.36627

6,388,328

28-Mar-2020

13:13

x86

System.windows.controls.ribbon.dll

4.0.30319.36627

751,904

28-Mar-2020

13:13

x86

System.xaml.dll

4.0.30319.36627

641,408

28-Mar-2020

13:13

x86

Windowsbase.dll

4.0.30319.36627

1,242,392

28-Mar-2020

13:13

x86

Mscorlib.dll

4.0.30319.36627

5,268,768

28-Mar-2020

13:12

x86

Normidna.nlp

Not applicable

59,342

31-Mar-2019

04:15

Not applicable

Normnfc.nlp

Not applicable

47,076

31-Mar-2019

04:15

Not applicable

Normnfd.nlp

Not applicable

40,566

31-Mar-2019

04:15

Not applicable

Normnfkc.nlp

Not applicable

67,808

31-Mar-2019

04:15

Not applicable

Normnfkd.nlp

Not applicable

61,718

31-Mar-2019

04:15

Not applicable

Clrjit.dll

4.0.30319.36627

509,728

28-Mar-2020

13:12

x86

Clr.dll

4.0.30319.36627

6,941,472

28-Mar-2020

13:12

x86

Mscordacwks.dll

4.0.30319.36627

1,285,104

28-Mar-2020

13:12

x86

Mscordbi.dll

4.0.30319.36627

1,108,464

28-Mar-2020

13:12

x86

Msvcp120_clr0400.dll

12.0.52627.36627

537,376

28-Mar-2020

13:13

x86

Msvcr120_clr0400.dll

12.0.52627.36627

876,528

28-Mar-2020

13:13

x86

Penimc.dll

4.0.30319.36627

82,440

28-Mar-2020

13:13

x86

Peverify.dll

4.0.30319.36627

164,640

28-Mar-2020

13:12

x86

Presentationhost_v0400.dll.mui

4.0.30319.36627

85,488

28-Mar-2020

13:13

Not applicable

Presentationhost_v0400.dll

4.0.30319.36627

186,864

28-Mar-2020

13:13

x86

Presentationnative_v0400.dll

4.0.30319.36627

790,816

28-Mar-2020

13:13

x86

Servicemonikersupport.dll

4.0.30319.36627

28,960

28-Mar-2020

13:12

x86

Sos.dll

4.0.30319.36627

763,168

28-Mar-2020

13:12

x86

System.core.dll

4.0.30319.36627

1,272,464

28-Mar-2020

13:13

x86

Wpfgfx_v0400.dll

4.0.30319.36627

1,649,136

28-Mar-2020

13:13

x86

Presentationcore.dll

4.0.30319.36627

3,227,632

28-Mar-2020

13:13

x86

Information about protection and security

SUSCRIBIRSE A FUENTES RSS

¿Necesita más ayuda?

¿Quiere más opciones?

Discover Community

Explore subscription benefits, browse training courses, learn how to secure your device, and more.

Microsoft 365 subscription benefits

Microsoft 365 training

Microsoft security

Accessibility center

Communities help you ask and answer questions, give feedback, and hear from experts with rich knowledge.

Ask the Microsoft Community

Microsoft Tech Community

Windows Insiders

Microsoft 365 Insiders

¿Le ha sido útil esta información?

¿Qué ha afectado a su experiencia?
Si presiona Enviar, sus comentarios se usarán para mejorar los productos y servicios de Microsoft. El administrador de TI podrá recopilar estos datos. Declaración de privacidad.

¡Gracias por sus comentarios!

×