Applies to:

Microsoft .NET Framework 3.5

Summary

An elevation of privilege vulnerability exists when the .NET Framework common language runtime (CLR) allows file creation in arbitrary locations. An attacker who successfully exploited this vulnerability could write files to folders that require higher privileges than what the attacker already has.

To learn more about the vulnerabilities, go to the following Common Vulnerabilities and Exposures (CVE).

Additional information about this update

The following articles contain additional information about this update as it relates to individual product versions.

  • 4514598 Description of the Security Only Update for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Server 2012 (KB4514598)

How to obtain and install the update

Method 1: Microsoft Update Catalog

To get the standalone package for this update, go to the Microsoft Update Catalog website.

Method 2: Windows Software Update Services (WSUS)

On your WSUS server, follow these steps:

  1. Select Start, select Administrative Tools, and then select Microsoft Windows Server Update Services 3.0.

  2. Expand ComputerName, and then select Action.

  3. Select Import Updates.

  4. WSUS opens a browser window in which you may be prompted to install an ActiveX control. You must install the ActiveX control to continue.

  5. After the ActiveX control is installed, you see the Microsoft Update Catalog screen. Type 4514598 into the Search box, and then select Search.

  6. Locate the .NET Framework packages that match the operating systems, languages, and processors in your environment. Select Add to add them to your basket.

  7. After you select all the packages that you require, select View Basket.

  8. To import the packages to your WSUS server, select Import.

  9. After the packages are imported, select Close to return to WSUS.

The updates are now available for installation through WSUS.

Update deployment information

For deployment details for this security update, go to the following article in the Microsoft Knowledge Base:

20190910 Security update deployment information: September 10, 2019

Update removal information

Note We do not recommend that you remove any security update. To remove this update, use the Programs and Features item in Control Panel.

Update restart information

This update does not require a system restart after you apply it unless files that are being updated are locked or are being used.


File information
The English (United States) version of this software update installs files that have the attributes that are listed in the following tables.

Windows Server 2012 file information

Note: The MANIFEST files (.manifest) and MUM files (.mum) that are installed are not listed.

File information

File hash information

File name

SHA1 hash

SHA256 hash

Windows8-RT-KB4514349-x64.msu

B39A0D9587730D3AC4386EF6CD1ECA7E7BBF6AA0

C8F925C1A838BEDE298D418981E06E6F1931E4FB9D36549CA1E1A8F4721BBC02

For all supported x64-based versions

File name

File version

File size

Date

Time

Platform

Big5.nlp

Not applicable

66,728

04-May-2018

19:43

Not applicable

Bopomofo.nlp

Not applicable

82,172

04-May-2018

19:43

Not applicable

Ksc.nlp

Not applicable

116,756

04-May-2018

19:43

Not applicable

Mscorlib.dll

2.0.50727.8810

4,575,232

27-Jul-2019

13:06

x64

Normidna.nlp

Not applicable

59,342

04-May-2018

19:43

Not applicable

Normnfc.nlp

Not applicable

45,794

04-May-2018

19:43

Not applicable

Normnfd.nlp

Not applicable

39,284

04-May-2018

19:43

Not applicable

Normnfkc.nlp

Not applicable

66,384

04-May-2018

19:43

Not applicable

Normnfkd.nlp

Not applicable

60,294

04-May-2018

19:43

Not applicable

Prc.nlp

Not applicable

83,748

04-May-2018

19:43

Not applicable

Prcp.nlp

Not applicable

83,748

04-May-2018

19:43

Not applicable

Sortkey.nlp

Not applicable

262,148

04-May-2018

19:43

Not applicable

Sorttbls.nlp

Not applicable

20,320

04-May-2018

19:43

Not applicable

Xjis.nlp

Not applicable

28,288

04-May-2018

19:43

Not applicable

Mscordacwks.dll

2.0.50727.8810

1,758,080

27-Jul-2019

13:06

x64

Mscorwks.dll

2.0.50727.8810

10,011,520

27-Jul-2019

13:06

x64

Sos.dll

2.0.50727.8810

486,784

27-Jul-2019

13:06

x64

Big5.nlp

Not applicable

66,728

15-Nov-2017

00:49

Not applicable

Bopomofo.nlp

Not applicable

82,172

15-Nov-2017

00:49

Not applicable

Ksc.nlp

Not applicable

116,756

15-Nov-2017

00:49

Not applicable

Mscorlib.dll

2.0.50727.8810

4,558,848

27-Jul-2019

13:06

x86

Normidna.nlp

Not applicable

59,342

15-Nov-2017

00:49

Not applicable

Normnfc.nlp

Not applicable

45,794

15-Nov-2017

00:49

Not applicable

Normnfd.nlp

Not applicable

39,284

15-Nov-2017

00:49

Not applicable

Normnfkc.nlp

Not applicable

66,384

15-Nov-2017

00:49

Not applicable

Normnfkd.nlp

Not applicable

60,294

15-Nov-2017

00:49

Not applicable

Prc.nlp

Not applicable

83,748

15-Nov-2017

00:49

Not applicable

Prcp.nlp

Not applicable

83,748

15-Nov-2017

00:49

Not applicable

Sortkey.nlp

Not applicable

262,148

15-Nov-2017

00:49

Not applicable

Sorttbls.nlp

Not applicable

20,320

15-Nov-2017

00:49

Not applicable

Xjis.nlp

Not applicable

28,288

15-Nov-2017

00:49

Not applicable

Mscordacwks.dll

2.0.50727.8810

991,104

27-Jul-2019

13:06

x86

Mscorwks.dll

2.0.50727.8810

5,949,832

27-Jul-2019

13:06

x86

Sos.dll

2.0.50727.8810

390,536

27-Jul-2019

13:06

x86

Information about protection and security

需要更多協助?

擴展您的技能
探索訓練
優先取得新功能
加入 Microsoft 測試人員

這項資訊有幫助嗎?

會影響您使用體驗的因素為何?

是否還有其他的意見反應? (選填)

感謝您的意見反應!

×