The latest .NET Framework updates fix a severe remote code execution vulnerability

News

Reading time icon 2 min. read

Calendar icon Updated on

by Madalina Dinita 

updated on

Share this article

Readers help support Windows Report. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help Windows Report sustain the editorial team Read more

Microsoft released a series of important .NET Framework updates on Patch Tuesday. These updates fix severe vulnerabilities that could even allow remote code execution.

More specifically, sometimes the .NET Framework fails to properly validate input before loading libraries. As a result, attackers who successfully exploit this vulnerability could take control of the affected systems.

They could then install malicious programs, view, change, or delete data, create new accounts with full user rights, and more.

.NET Framework updates

Here are this month’s .NET Framework updates :

  • .NET Framework 3.5 and 4.7 KB4015583 for Windows 10 Creators Update
  • .NET Framework 3.5 and 4.6.2 KB4015217 for Windows 10 Anniversary Update and Windows Server 2016
  • .NET Framework 3.5 and 4.6.1 KB4015219 for Windows 10 1511 Update
  • .NET Framework 3.5 and 4.6 KB4015221 for Windows 10 RTM
  • .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, and 4.6.2 Rollup KB4014983 and security only KB4014987 for Windows 8.1 and Windows Server 2012 R2
  • .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, and 4.6.2 Rollup KB4014982 and security only KB4014986 for Windows Server 2012
  • .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, and 4.6.2 Rollup KB4014981 and security only KB4014985 for Windows 7 and Windows Server 2008 R2
  • .NET Framework 3.5, 4.5.2, and 4.6 Rollup KB4014984 and security only KB4014988 for Windows Vista SP2 and Windows Server 2008 SP2

Keep in mind that there is a known issue related to these updates. Applications that connect to an instance of Microsoft SQL Server on the same computer generate the following error message: “provider: Shared Memory Provider, error: 15 – Function not supported“. The good news is that there are three workarounds available to fix this issue:

  1. Disable the Shared Memory and Named Pipes protocols on the server side to force TCP-only connections to SQL Server.
  2. Create an alias on the server to force TCP protocol for local applications
  3. Disable shared memory from the Client Configuration tool (32-bit and 64-bit).

For more information, check out Microsoft’s Support page.

RELATED STORIES YOU NEED TO CHECK OUT:

More about the topics: .NET Framework

Madalina Dinita

Madalina Dinita Shield

Networking & Security Specialist

Madalina has been a Windows fan ever since she got her hands on her first Windows XP computer. She is interested in all things technology, especially emerging technologies -- AI and DNA computing in particular. Prior to joining the WindowsReport team, she worked in the corporate world for a number of years.