Patch Tuesday just went by and Microsoft brought in a stream of cumulative and security updates including KB4480075 update for .NET Framework 4.5.2. It is a security-only patch and introduces a fix for CVE-2019-0545 vulnerability in Microsoft .NET Framework. This exposure used to given way to an information disclosure which, in turn, permitted a CORS configuration bypass.
In the case that a malicious user succeeds in exploiting this vulnerability, he can fetch even the usually restricted content from web-apps. KB4480075 enforce CORS (Cross-origin Resource Sharing) configuration to prevent any bypass and hence, addresses this issue. In order to know further about this vulnerability, check out CVE-2019-0545.
KB4480075 Security Only update for .NET Framework 4.5.2- 8 Jan 2018 details
Note for users:
When you are planning to add language packs, we recommend that you do so before installing KB4480075. You’ll have to reinstall the update in case you happen to install the language pack after the installation of the updates.
KB4480075 doesn’t need the system to restart after the installation.
How to get KB4480075 Security Only update for .NET Framework 4.5.2
There are two ways that you can get KB4480075 for .NET Framework 4.5.2.
From Microsoft Update Catalog:
You can download KB4480075 stand-alone package from Microsoft Update Catalog.
You can also get this update fromm Windows Software Update Service (WSUS). To do so, simply follow the below steps:
Step-1: In the Start search box, enter Administrative Tools.
Step-2: Double click on the result and the Administrative tools will open up in the Control Panel. Choose Microsoft Windows Server Update Services 3.0.
Step-3: Expand the option ComputerName, and from the options, select Action.
Step-4: Click on Import Updates.
Step-5: Windows Software Update Service will open a browser window where you’ll be asked to install an ActiveX control. In order to continue, you need to install the ActiveX control.
Step-6: Once you install the ActiveX control, Windows will take you to the Microsoft Update Catalog screen.
Step-7: In the search box, type or paste KB4480075 and press Search.
Step-8: Find the .NET Framework package which is compatible with the languages, processes and operating systems in your environment.
Step-9: Click on Add. This will add the packages you select to your basket.
Step-10: Click on View Basket.
Step-11: Now select import for importing the selected packages to your WSUS server.
That’s it and now you have KB4480075 available to be installed via “Windows Software Update Service”.
If you want to remove the update (which is not recommended) for any reason, you can do so in “Programs and Features” item in the Control Panel.
Source – Release Note