In its announcement, the company also says Windows Server 2008 and later customers can also pull in the update. Available now, .NET Framework customers can get the release through the Windows Update, Windows Server Update Services, Microsoft Update Catalog, and Docker. Microsoft has made several important security changes. The company has fixed a code execution vulnerability that would occur when the framework processed untrusted inputs. This allowed hackers to potentially take over a system. While an attacker would need to convince a user to open a malicious download, the vulnerability was there. Microsoft has now solved the problem with the latest update. As usual, Microsoft points out that fixes are not universal across all Windows versions. When this is the case, the update will tell customers. Back in June, Microsoft launched .NET Framework 4.7. The update focused on adding new APIs and adding to ASP.NET, Windows Communication Foundation, Windows Forms, and Core. .NET Framework 4.7 adds Object Cache Extensibility to ASP.NET. With these new APIs, developers use tools to replace default ASP.NET implementations. In their place, dev’s can use in-memory object caching and memory monitoring. Microsoft says customers can replace object cache store, memory monitoring, and Memory Limit Reactions.

Changelog

CVE-2017-8759 | .NET Framework Remote Code Execution Vulnerability A remote code execution vulnerability exists when Microsoft .NET Framework processes untrusted input. An attacker who successfully exploited this vulnerability in software using the .NET framework could take control of an affected system. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. To exploit the vulnerability, an attacker would first need to convince the user to open a malicious document or application. The security update addresses the vulnerability by correcting how .NET validates untrusted input. More Information: CVE-2017-8759 ASP.NET

Values added to System.Web.Cache expire immediately, with .NET Framework 4.7. [452228] Also reported at NET Forums #2123507 NET site running on Sitefinity broken, with .NET Framework 4.7. [457739]

CLR

CRWLock::StaticAcquireWriterLock() never returns if Int32.MaxValue number of ReaderWriterLock objects are created, with .NET Framework 3.5. [242568] Crash in CLR assembly metadata reader. [367294] Also reported at ASP.NET Forums #2106799 Also reported at StackOverflow #40272099 Also reported at Connect #3111237 .NET remoting IPC listener thread exits and leaves an orphaned IPCServerchannel. [454409] Silent bad codegen when optimizing expression. [460765] Also reported at dotnet/coreclr #11574 Crash in Visual Studio due to race in CLR assembly loader. [462762] Runtime underallocates arrays by one element in rare cases when jitting large methods. [463604] AppContext feature opt-in/out not functioning correctly. [469020] More information: .NET Framework Update for AppContext

Management

Reboot method of Win32_OperatingSystem has Privilege not held exception [441901]

Networking

HTTPWebRequest times out when switching to TLS after installing update KB4019112. [465796]

WCF

NetTcp with X509Certificates using SslStream uses the default TLS version as the OS, with .NET Framework 4.7. [451528]

Windows Forms

Excessive object creation in a performance-critical code-path leading to performance regressions and/or displaying empty UI and/or exhausting GDI+ handles. [452048] Multi-Mon support: Controls with non-default anchoring are moved around the screen when scaling is changed [462872]. Note: This fix will be made available for Windows 10 1607 (Anniversary Update) in October.

WPF

WPF fails to load resources if two versions of the same assembly are loaded. [378607] Note: This fix will be made available for Windows 10 1703 (Creators Update) in October. WPF consumes high % of CPU in Visual Studio when console session not active. [391184] Note: This fix will be made available for Windows 10 in October. Visual Studio fails due to “Unable to load DLL ‘PenIMC.dll’” error. [452476] Note: This fix will be made available for Windows 10 1703 (Creators Update) in October. Application crash due to call into DWrite. [453529] Note: This fix will be made available for Windows 10 in October. TargetFrameworkName is null with mixed mode application. [425074] Note: This fix will be made available for Windows 10 1703 (Creators Update) in October. Event leak with WPF application on touch screen monitors on Windows 10. [434946] Note: This fix will be made available for Windows 10 1703 (Creators Update) in October.
Microsoft Debuts September  NET Framework Security and Quality Rollup - 5Microsoft Debuts September  NET Framework Security and Quality Rollup - 33Microsoft Debuts September  NET Framework Security and Quality Rollup - 28Microsoft Debuts September  NET Framework Security and Quality Rollup - 61Microsoft Debuts September  NET Framework Security and Quality Rollup - 12