KB4055532 Security and Quality Rollup for .NET Framework in Windows 7

Page 1 of 2 12 LastLast

    KB4055532 Security and Quality Rollup for .NET Framework in Windows 7


    Last Updated: 18 Jan 2018 at 22:54
    Security and Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, and 4.7.1 updates for Windows 7 SP1 and Server 2008 R2 SP1 (KB 4055532)

    Applies to: Microsoft .NET Framework 4.7.1, Microsoft .NET Framework 4.7, Microsoft .NET Framework 4.6.2, Microsoft .NET Framework 4.6.1, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 3.5.1

       Note
    Notice
    On January 18, 2018, update 4055532 was re-released to include an update for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, and 4.7.1 for Windows 7 SP1 and Windows Server 2008 R2 SP1 (KB4074880). Update 4074880 replaces update 4055002 for this configuration, and prevents the issue that is described in the following Knowledge Base article:

    4074906 - "TypeInitializationException" or "FileFormatException" error in WPF applications that request fallback fonts after you install the January 9, 2018, .NET Security and Quality Rollup (KB4055002)

    This update has been released as part of the January 2018 Security and Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, and 4.7.1 for Windows 7 SP1 and Windows Server 2008 R2 SP1.

    Important

    If you have not been offered this security update, you may be running incompatible antivirus software, and you should contact the software vendor. We are working closely with antivirus software partners to make sure that all customers receive the January Windows security updates as soon as possible. For more information, go to Important: Windows security updates released January 3, 2018, and antivirus software. Also, see the "Additional information about this security update" section in this article.

    Summary

    This security update resolves a security feature bypass vulnerability that exists when Microsoft .NET Framework and .NET Core components do not completely validate certificates. This security update addresses the vulnerability by helping to make sure that .NET Framework and .NET Core components completely validate certificates. To learn more about this vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2018-0786.

    Additionally, this security update resolves a denial of service vulnerability that exists when .NET Framework and .NET Core components improperly process XML documents. This update addresses the vulnerability by correcting how .NET Framework and .NET Core component applications handle XML document processing. To learn more about this vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2018-0764.

    Important

    • All updates for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, and 4.7.1 require that the d3dcompiler_47.dll is installed. We recommend that you install the included d3dcompiler_47.dll before you apply this update. For more information about the d3dcompiler_47.dll, see KB 4019990.
    • If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. For more information, see Add language packs to Windows.

    Additional information about this security update

    • Enhanced Key Usage (EKU) is described in section 4.2.1.12 of RFC 5280. This extension indicates one or more purposes for which the certified public key may be used in addition to or instead of the basic purposes that are indicated in the key usage extension. For example, a certificate that is used for the authentication of a client to a server must be configured for Client Authentication. Similarly, a certificate that is used for the authentication of a server must be configured for Server Authentication. This update changes this process so that the certificate chain validation fails if the root certificate is disabled. This is in addition to requiring the appropriate client or server EKU on certificates.

      If certificates are used for authentication, the authenticator examines the certificate that is provided by the remote endpoint and looks for the correct purpose object identifier in Application Policies extensions. If a certificate is used for client authentication, the object identifier for Client Authentication must be present in the EKU extensions of the certificate, or authentication fails. The object identifier for Client Authentication is 1.3.6.1.5.5.7.3.2. Likewise, when a certificate is used for server authentication, the object identifier for Server Authentication must be present in the EKU extensions of the certificate, or authentication fails. The object identifier for Server Authentication is 1.3.6.1.5.5.7.3.1. Certificates that have no EKU extension continue to authenticate correctly.

      Consider making changes to your component’s certificates to make sure that they are using the correct EKU OID attributes and are secured correctly. If you temporarily cannot access correctly reissued certificates, you can choose to opt in or out of the security change to avoid any connectivity effects. To do this, specify the following appsetting value in the configuration file:

      Code:
      <appSettings>
    <add key="wcf:useLegacyCertificateApplicationPolicy" value="true" />
</appSettings>
      Note Setting the value to “true” will opt out of the security changes.
    • The following articles contain additional information about this security update as it relates to individual product versions. The articles may contain known issue information.
      • 4074880 Description of the Security and Quality Rollup for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, and 4.7.1 for Windows 7 SP1 and Server 2008 R2 SP1 (KB 4074880)
      • 4054995 Description of the Security and Quality Rollup for .NET Framework 4.5.2 for Windows 7 SP1, Server 2008 R2 SP1, and Server 2008 SP2 (KB 4054995)
      • 4054998 Description of the Security and Quality Rollup for .NET Framework 3.5.1 for Windows 7 SP1 and Server 2008 R2 SP1 (KB 4054998)
    • Windows 10, Windows 8.1, Windows Server 2012 R2, and Windows Server 2016 customers
      We recommend that all customers protect their devices by running compatible and supported antivirus software. Customers can take advantage of built-in antivirus protection, Windows Defender Antivirus, for Windows 8.1 and Windows 10 devices or a compatible third-party antivirus application. The antivirus software must set a registry key as described in the "Setting the registry key" section in this article to receive the January 2018 security updates.
    • Windows 7 SP1 and Windows Server 2008 R2 SP1 customers
      A default installation of Windows 7 SP1 or Windows Server 2008 R2 SP1 will not have an antivirus application installed. In these situations, we recommend installing a compatible and supported antivirus application such as Microsoft Security Essentials or a third-party antivirus application. The antivirus software must set a registry key as described in the "Setting the registry key" section for you to receive the January 2018 security updates.
    • Customers without antivirus
      If you cannot install or run antivirus software, we recommend manually setting the registry key as described in the "Setting the registry key" section to receive the January 2018 security updates.
    • Setting the registry key

      Caution Using Registry Editor incorrectly can cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. For information about how to edit the registry, see the "Changing keys and values" help topic in Registry Editor or see the "Add and delete information in the registry" and "Edit registry data" help topics in Regedt32.exe.

      Note You will not receive the January 2018 security updates (or any successive security updates) and will not be protected from security vulnerabilities unless your antivirus software sets the following registry key:
      Key="HKEY_LOCAL_MACHINE" Subkey="SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat" Value="cadca5fe-87d3-4b96-b7fb-a231484277cc" Type="REG_DWORD”
      Data="0x00000000”

    How to obtain help and support for this security update



    Source: https://support.microsoft.com/en-us/...-2-4-6-4-6-1-4
    Brink's Avatar Posted By: Brink
    18 Jan 2018



  2. feetand nches
    Posts : 555
    Windows 7 Home Premium 64bit
       New #1

    So all Windows 7 machines need the "d3dcompiler_47.dll"?

    Is this what I'm supposed to understand, who at MS is writing that garbage?
    "Notes
    The MANIFEST files (.manifest) and the MUM files (.mum) that are installed for each environment are listed in the "Additional file information" section. MUM, MANIFEST, and the associated security catalog (.cat) files, are very important to maintain the state of the updated components. The security catalog files, for which the attributes are not listed, are signed with a Microsoft digital signature."

    Looks like the file was created on "12-Apr-2017", so will need to look for it as being installed, can someone tell me in English where to find it, or in any other language but MS, yes this must be some kind of new language MS?

    Thanks Brink
      My Computer
    Quote Quote

  4. Brink
    Posts : 72,043
    64-bit Windows 11 Pro for Workstations
    Thread Starter
       New #2

    Hello Nasty7,

    If you get KB4055532 via Windows Update, then you should install it. Otherwise, you don't need to worry about it.
      My Computer
    Quote Quote

  5. feetand nches
    Posts : 555
    Windows 7 Home Premium 64bit
       New #3

    Will do Brink, I thought as much, but MS want's to make things seem more complicated than they are. Some kind of secret language lol.
      My Computer
    Quote Quote

  7. ConnieB
    Posts : 4
    Win7 Home Premium
       New #4

    I installed it this morning and when I tried to boot up about two hours ago, my computer would not start normally. After I put in my windows password, my screen went black and stayed that way for a half hour until l I gave up on it and turned the power off. I started the computer in safe mode and used the restore point from prior to the update, thinking that would fix it, but it didn't -- the same thing happened again. I am writing this in safe mode with networking. I don't know what to try next.
      My Computer
    Quote Quote

  8. LevelBest
    Posts : 233
    Windows 7 Home Premium 64 Bit (Service Pack 1)
       New #5

    I've also received this '532' update.

    What is d3dcompiler_47.dll? Is it supposed to be a part of the windows software to begin with? I can't find anything on the net as to where to look for it. I've noticed a lot of posts saying their computers are giving an error message that the file is missing but I've never had that message.

    Where do I look to see if it's on my computer?

    LevelBest
      My Computer
    Quote Quote

  9. feetand nches
    Posts : 555
    Windows 7 Home Premium 64bit
       New #6

    @ConnieB, sorry to hear that Connie, this is what I was afraid of. Apparently this should not come through if you don't have the proper prerequisites, but perhaps in your case it did anyhow.

    Here is the Link to the subject and the link to the Update in the Catalog. I searched for the D3dcompiler_47.dll and it is attached to all kinds of Folders like Chrome, Firefox, Spotify etc, like Fifteen Folders.
    https://support.microsoft.com/en-us/...ent-on-windows

    Microsoft Update Catalog

    LevelBeast, I think you could do a search for the "KB4019990" to see if you have it. This also requires SP1, which I can only assume everyone has, though should not assume anything LOL.

    You can also go into File Explorer C: Drive and so a search for d3dcompiler_47.dll just to see if it is there, and see how it is attached to many Folders.

    Fortunately I did not have any problems with it, but because it's something to do with mitigating the Meltdown, Spectre issue (at least that is what I thought) I was thinking it may be problematic, but may well be wrong.
      My Computer
    Quote Quote

  11. Sky Ranch
    Posts : 233
    Windows 7 Home 64-bit
       New #7

    The new d3dcompiler_47.dll is needed for .NET 4.7 installation. If you already are running 4.7 and have installed previously .NET security monthly rollups, odds are you already received the latest d3dcompiler_47.dll. It's located in your sys32 directory on your system drive. Version: 6.3.9600.18611
      My Computer
    Quote Quote

  12. Tpau
    Posts : 41
    Microsoft Windows 7 Professional 64-bit SP1
       New #8

    A picture saves a thousand words.
    KB4055532 Security and Quality Rollup for .NET Framework in Windows 7-capture.jpg
      My Computer
    Quote Quote

  13. feetand nches
    Posts : 555
    Windows 7 Home Premium 64bit
       New #9

    @Tpau, I wonder why I only have the #47, is it because of running Cleaning Tools or something? And you got yours way back in December...hmmm interesting?
      My Computer
    Quote Quote

 
Page 1 of 2 12 LastLast

  Related Discussions
Read more: .NET Framework September 2017 Security and Quality Rollup | .NET Blog
Security Monthly Quality Rollup
in Windows Updates & Activation

I have been using W7 Pro x64 for ages and have been delighted with it and intend to stay with it until Microsoft eventually drives me to Linux. Now down to my question. I have been receiving a Security Monthly Quality Rollup and beginning to wonder if I really need to download it. The latest...
Windows update indicates the April 2017 Security and Quality Rollup for .NET Framework (kb 4014981) is needed. Does this include telemetry? Is there a security only update available for this? Thanks!
Hello all, I need some help, I am having an issue with 2 workstations. 1 Physical Windows 7 Pro x86 1 Virtual Windows 7 Pro x64 When I try to install the update KB3185330 the workstation reboots and eventually I get the message on the screen "Failure configuring Windows updates. Reverting...
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

 © Designer Media Ltd
All times are GMT -5. The time now is 23:54.
Find Us