Today, we are releasing the December 2018 Security and Quality Rollup.
Security
CVE-2018-8540 – Windows Remote Code Execution Vulnerability
This security update resolves a vulnerability in Microsoft .NET Framework that could allow remote code execution when Microsoft .NET Framework doesn’t validate input correctly. The attacker who successfully exploits this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts that use full user rights. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who are granted administrative user rights.
To exploit the vulnerability, an attacker has to pass specific input to an application that uses susceptible .NET Framework methods.
This security update addresses the vulnerability by correcting how .NET Framework validates input.
To learn more about this vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2018-8540.
Getting the Update
The Security and Quality Rollup is available via Windows Update, Windows Server Update Services, Microsoft Update Catalog, and Docker.
Read more: .NET Framework December 2018 Security and Quality Rollup | .NET Blog
Tweet
— Twitter API (@user) View on Twitter