Microsoft released Security Only updates for .NET Framework 3.5, and later versions for Windows Server 2012 (KB 4338610) with multiple fixes and changes. This update specifically deals with the vulnerabilities that attackers exploit to take control of your system. Thankfully, after installing the patch, you will be able to bypass certain problems that you may find on .Net Framework 3.5.
You can download Security Only updates for .NET Framework 3.5 and subsequent for Windows Server 2012 (KB 4338610) either through “Microsoft Update Catalog” or by using Windows Software Update Services (WSUS). So, here in this article, we will give you the details of the fixes and issues of the patch.
Security Only updates for .NET Framework August 2018
This security update resolves the below-mentioned vulnerabilities:
1. There is vulnerability called “remote code execution”. It basically occurs when .NET Framework fails to validate input correctly. So, once the attacker successfully exploits this specific vulnerability, he is likely to take hold of the affected system. After taking full control of the system, he can install programs; view, modify or delete data. Furthermore, the attacker can even create new accounts that have full admin rights.
If your account is configured to have few rights on the system, it will be less affected when compared to the ones having the administrative authorities. So, in order to exploit the vulnerability, an attacker has to pass specific input to an application via susceptible .NET Framework procedures. Now, this security update will take care of the vulnerability by rectifying how .NET Framework validates input.
2. Another vulnerability is “elevation of privilege” that especially happens in .NET Framework. Basically, it can allow an attacker to elevate their user rights level. So, to exploit this vulnerability, an attacker needs to access the local computer and then execute a malicious software. Security Only updates for .NET Framework focuses on the vulnerability by fixing how .NET Framework enables COM objects.
3. A “security feature bypass” is also one of the vulnerabilities that this update deals with. It generally exists when the components of “.NET Framework” fail to correctly validate certificates. In this particular vulnerability, an attacker can show expired certificates whenever asked for. This security update also concentrates on this vulnerability by ensuring that .NET Framework components correctly validate certificates.
Note: In case you install a “language pack” after installing this update, then you must make an attempt to re-install “Security Only updates for .NET Framework”. Hence, the team strongly recommends installing any language pack before making an attempt to install this update.
A COM component fails to load after the successful installation of “July 2018 .NET Framework Security Updates”. This happens because of error messages such as “internal failure occurred for unknown reasons”, “access denied“, moreover “class not registered”. The most common failure signature is given below:
Exception type: System.UnauthorizedAccessException
Message: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))
How to obtain and install the Security Only updates for .NET Framework
Way-1: Through Microsoft Update Catalog
First of all, you need to navigate to the Microsoft Update Catalog to grab the stand-alone package for this update.
Once you open the page, click the Download button next to the update name.
Way-2: Use Windows Software Update Services (WSUS)
On your WSUS server, follow these steps:
Step-2: Here, locate and click “Microsoft Windows Server Update Services 3.0“.
Step-3: Moving ahead expand ComputerName. Hit the Action button.
Step-4: Perform a click on Import Updates.
Step-5: WSUS will immediately launch a browser window. Now, it may prompt you to install an ActiveX control which you must install to proceed forward.
Step-6: After successfully installing the “ActiveX control”, Microsoft Update Catalog will show up on the screen. On its Search box, write 4340005 and hit Enter.
Step-7: Now, you need to find out the .NET Framework packages that match the operating systems, languages, moreover processors in your environment.
Step-8: Click the Add button. After selecting all the packages, click View Basket.
Step-9: Now, in order to import the packages to your WSUS server, perform a hit on Import. Once you import all the packages, hit Close to return to WSUS.
That’s all and the updates are now available for installation through WSUS.
Remove this Update
The Microsoft team does not suggest deleting this Security Only updates for .NET Framework. However, in any case, you wish to do away with it, then proceed to the Programs and Features section in the Control Panel.
You don’t need to reboot the system even after applying Security Only updates for .NET Framework. However, a restart is required only if the updated files are being used or locked.
Installation of this update will not substitute any previously released update.
Source – Release note