Microsoft has today published its Security and Quality Rollup and Security Only Update for the .NET Framework. This represents all the security patches and performance tweaks for the month of April. The company has detailed the changes made in this latest release.
Firstly, Microsoft has tackled common vulnerabilities and exposures CVE17-0160. Specifically, there has been a remote code execution flaw that results in the .NET Framework failing to validate input. This happens before libraries are loaded and means an attacker could take control of the system.
This would lead to the possibility of malicious software finding its way onto a system, or an attacker viewing or changing data. Microsoft says such an attack would need for the perpetrator would need access to the local system. The vulnerability was less important for users with accounts featuring less rights to use a system.
Either way, Microsoft has patched the flaw with this security update. The company says it achieved this by solving how .NET validates input.
Today, we are releasing a new Security and Quality Rollup and Security Only Update for the .NET Framework. You can read the April 2017 Security Updates Release Notes to learn about all changes being released today.
In terms of the Quality and Reliability aspect of this rollup, there is literally nothing to talk about. In Microsoft's own words: “there are no quality and reliability changes this month.”
Users of .NET Framework can get the release through the Windows Update, Microsoft Update Catalog, and the Windows Server Update Services.
Moving .NET Framework to the Creators Update
Microsoft´s .NET Framework 4.7 is included in the Creators Update, therefore users should upgrade to the newest build. The latest update to .NET Framework also brings improvements to the following areas:
- Windows Forms