Last Updated: 2017.09.21.
Today, we are releasing the September 2017 Security and Quality Rollup and Security Only Update.
This update applies to Windows 7 and later client versions and Windows Server 2008 and later server versions.
This update has known issues. Please see them at the bottom of the update.
Security
This release contains the following security changes.
CVE-2017-8759 | .NET Framework Remote Code Execution Vulnerability
A remote code execution vulnerability exists when Microsoft .NET Framework processes untrusted input. An attacker who successfully exploited this vulnerability in software using the .NET framework could take control of an affected system. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
To exploit the vulnerability, an attacker would first need to convince the user to open a malicious document or application.
The security update addresses the vulnerability by correcting how .NET validates untrusted input.
More Information: CVE-2017-8759
Quality and Reliability
This release contains the following quality and reliability improvements.
ASP.NET
- Values added to System.Web.Cache expire immediately, with .NET Framework 4.7. [452228]
- Also reported at ASP.NET Forums #2123507
- ASP.NET site running on Sitefinity broken, with .NET Framework 4.7. [457739]
CLR
- CRWLock::StaticAcquireWriterLock() never returns if Int32.MaxValue number of ReaderWriterLock objects are created, with .NET Framework 3.5. [242568]
- Crash in CLR assembly metadata reader. [367294]
- Also reported at ASP.NET Forums #2106799
- Also reported at StackOverflow #40272099
- Also reported at Connect #3111237
- .NET remoting IPC listener thread exits and leaves an orphaned IPCServerchannel. [454409]
- Silent bad codegen when optimizing expression. [460765]
- Also reported at dotnet/coreclr #11574
- Crash in Visual Studio due to race in CLR assembly loader. [462762]
- Runtime underallocates arrays by one element in rare cases when jitting large methods. [463604]
- AppContext feature opt-in/out not functioning correctly. [469020]
- More information: .NET Framework Update for AppContext
Management
- Reboot method of Win32_OperatingSystem has Privilege not held exception [441901]
Networking
- HTTPWebRequest times out when switching to TLS after installing update KB4019112. [465796]
WCF
- NetTcp with X509Certificates using SslStream uses the default TLS version as the OS, with .NET Framework 4.7. [451528]
Windows Forms
- Excessive object creation in a performance-critical code-path leading to performance regressions and/or displaying empty UI and/or exhausting GDI+ handles. [452048]
- Multi-Mon support: Controls with non-default anchoring are moved around the screen when scaling is changed [462872].**
WPF
- Application crash due to call into DWrite. [453529]*
- WPF consumes high % of CPU in Visual Studio when console session not active. [391184]*
- WPF fails to load resources if two versions of the same assembly are loaded. [378607]***
- Visual Studio fails due to “Unable to load DLL ‘PenIMC.dll’” error. [452476]***
- TargetFrameworkName is null with mixed mode application. [425074]***
- Event leak with WPF application on touch screen monitors on Windows 10. [434946]***
Note: Some fixes will be available at a later date. See the legend below:
* This fix will be made available for Windows 10 in October.
** This fix will be made available for Windows 10 1607 (Anniversary Update) in October.
*** This fix will be made available for Windows 10 1703 (Creators Update) in October.
Note: Fixes are not always available for all Windows versions at the same time. This situation is noted where appropriate, and where the information is available, a release date is provided.
Note: Additional information on these improvements is not available. The VSTS bug number provided with each improvement is a unique ID that you can give Microsoft Customer Support, include in StackOverflow comments or use in web searches.
Getting the Update
The Security and Quality Rollup is available via Windows Update, Windows Server Update Services, Microsoft Update Catalog, and Docker.
Microsoft Update Catalog
You can get the update via the Microsoft Update Catalog. For Windows 10, .NET Framework updates are part of the Windows 10 Monthly Rollup.
Product Version | Security and Quality Rollup KB | Security Rollup KB |
---|---|---|
Windows 10 1703 (Creators Update) | Catalog 4038788 |
N/A |
.NET Framework 4.7 | 4038788 | N/A |
.NET Framework 3.5 | 4038788 | N/A |
Windows 10 1607 (Anniversary Update) Windows Server 2016 |
Catalog 4038782 |
N/A |
.NET Framework 4.6.2, 4.7 | 4038782 | N/A |
.NET Framework 3.5 | 4038782 | N/A |
Windows 10 1511 | Catalog 4038783 |
N/A |
.NET Framework 4.6.1 | 4038783 | N/A |
.NET Framework 3.5 | 4038783 | N/A |
Windows 10 1507 | Catalog 4038781 |
N/A |
.NET Framework 4.6 | 4038781 | N/A |
.NET Framework 3.5 | 4038781 | N/A |
Windows 8.1 Windows RT 8.1 Windows Server 2012 R2 |
Catalog 4041085 |
Catalog 4041092 |
.NET Framework 3.5 | 4040981 | 4040967 |
.NET Framework 4.5.2 | 4040974 | 4040958 |
.NET Framework 4.6, 4.6.1, 4.6.2, 4.7 | 4040972 | 4040956 |
Windows Server 2012 | Catalog 4041084 |
Catalog 4041091 |
.NET Framework 3.5 | 4040979 | 4040965 |
.NET Framework 4.5.2 | 4040975 | 4040959 |
.NET Framework 4.6 | 4040971 | 4040955 |
Windows 7 Windows Server 2008 R2 |
Catalog 4041083 |
Catalog 4041090 |
.NET Framework 3.5.1 | 4040980 | 4040966 |
.NET Framework 4.5.2 | 4040977 | 4040960 |
.NET Framework 4.6, 4.6.1, 4.6.2, 4.7 | 4040973 | 4040957 |
Windows Server 2008 | Catalog 4041086 |
Catalog 4041093 |
.NET Framework 2.0 | 4040978 | 4040964 |
.NET Framework 4.5.2 | 4040977 | 4040960 |
.NET Framework 4.6 | 4040973 | 4040957 |
Docker Images
The following Docker container images have been updated as part of this release.
Known Issues
This release has the following known issues.
WPF Rendering in a Windows Service
- .NET Framework versions: 4.6.x, 4.7
- Windows versions: all
- Affected KBs: KB4040956, KB4040955, KB4040957
After you install this update on the .NET Framework 4.6, 4.6.1, 4.6.2, and 4.7, you may experience rendering issues in Windows Presentation Foundation (WPF) applications that use WPF types in a Windows service. For more information, see KB 4043601.
Incorrect text in .NET Framework Setup
- .NET Framework versions: 4.5.2
- Windows versions: Windows 7, Windows Server 2008, Windows Server 2008 R2
- Affected KBs: KB4040960, KB4040977
When you apply this update on non-English locale systems, you may notice some pseudo localized characters instead of localized content in the interactive setup. This is a non-impacting, UI-only, setup issue that does not affect the deployment result or functionality of the update contents. Please apply this update to help secure your computer against vulnerabilities and the issues that are addressed by this update. For more information, see: KB 4043564.
Previous Monthly Rollups
The last few .NET Framework Monthly updates are listed below for your convenience:
“Note: This fix will be made available for Windows 10 1607 (Anniversary Update) in October.”
wut🙃
In some cases, fixes for certain Windows versions are not yet available and are still coming. This situation was called out in the post. For the first you called out, it won’t be ready until October for Windows 10 1607. It available, as part of this update, for other Windows versions today.
This is because MSFT has decided to fragment “classic” .NET into “old” Windows 7 and a “new” Windows 10 flavor. While releasing updates for the “old” earlier than for the “new”. As the poster below states correctly, there is no .NET 4.7 for Windows 10 “older” than 1607 at all. Maybe there is some hidden wisdom in this approach. Maybe they really think they can force corporate customers into the insane 6 month release cycle of Windows 10. Who knows.
Hi,
Just wondering why there are 2 sections for Windows Server 2012 R2 above?
One section includes Windows 8.1 and Windows RT 8.1 along with Windows Server 2012 R2 and the other has only Windows Server 2012 R2 listed.
I thought Win 8.1 and Win Serve 2012 R2 share the same KB’s?
Thanks
After checking out the MS Update catalog and comparing the names of the KB’s to what is on the blog above it looks like there is a typo on the blog site.
When I check out the KB from the Windows Server 2012 R2 section above on the MS Update Catalog site they say there KB’s are for Windows Server 2012 not Windows Server2012 R2.
HI Cory, it looks like you are correct; the Product Version name should be “Windows Server 2012” for the entry with links to article 4041084.
Fixed! Thanks for the catch.
It happened again: The update is marked as critical but it miserably fails on my w7 x64.
This already happened in spring of this year and I wonder what makes the update fail without telling me precisely why.
It just fails with Code 652 and if I click on “get help with this error” I get THIS shit:
0 results for “WindowsUpdate_00000652” “WindowsUpdate_dt000”
Suggestions
Check your spelling
Try a different phrase
Other options to try
Search the Windows website
Go online to get answers from other Windows users
Search IT Pro content on the Microsoft TechNet website
We have verified that this update is marked as important and not critical. The description for the error you are seeing is :There was error [%2] processing the driver database. In order for us to figure out why you are experiencing this issue we would need some log files from you. Can you please run http://aka.ms/vscollect.exe and share %temp%\vslogs.zip and %windir%\WindowsUpdate.log, so we can investigate further? You can email me with the logs at preetik@microsoft.com
I am getting a similar error – but listed as Code 653.
Are there any plans to release .NET 4.7 to Windows 10 before 1607?
About one third of our customers has migrated to Win 10 so far. Almost all of them use a CBB oven LTSB version below 1607, and plan to stick with it for the time being. This creates a somewhat funny situation: Customers still using Win7 can run .NET 4.7, while the ones already migrated to Win 10 can’t. So we can’t target .NET 4.7 because of our Win 10 customers…
Great question. Looking at the Microsoft Lifecycle Policy for those two releases, you can see that 1507 is already out of support and 1511 goes out of support next month. We do not have any plans to provide newer releases for those two releases. .NET Framework 4.7.1, for example will support 1607 as the minimum Windows 10 version, just like 4.7.
I understand why this approach is frustrating. The major insight is that the Windows 10 lifecycle and servicing model is not the same as previous Windows versions.
Policy site: https://support.microsoft.com/en-us/lifecycle
Not really sure what you mean.
A good amount of our corporate customers is using “Windows 10 Enterprise 2015 LTSB”, which is 1507 and goes out of support in 2025.
I understand why this approach is frustrating. The major insight is that the Windows 10 lifecycle and servicing model is not anticipated by most of your real world corporate customers.
Great point. We will support .NET Framework 4.6 for 1507 for the period you mentioned.
Once a Windows version no longer supports CB/CBB deployments, then we will no longer support _newer_ .NET Framework versions on it. That is what is happening with 1507. In the case of 1607, which has an associated server release, we will continue to support newer .NET Framework versions for longer.
Please take a look at this issue:
https://social.msdn.microsoft.com/Forums/vstudio/en-US/0f14f14c-5cd3-4505-9168-2ef9dc1f7031/kb-4041083-kb-4040973-has-broken-wpf-rendering-in-services?forum=wpf
We also need resolution for this issue.
Those KB have broken WPF Drawing in services apps!!! Please fix it! thanks,
Quite a few production systems affected
https://connect.microsoft.com/VisualStudio/feedback/details/3141218
Same issue here. Took production down for quite some time. tnx!
As with some other folks, this update keeps failing on my WIn7 X64 machine. The machine is clean. It reports Code 66A as the failure. The logs show this;
“Installation Failure: Windows failed to install the following update with error 0x80070643: 2017-09 Security and Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7 on Windows 7 and Server 2008 R2 for x64 (KB4041083).”
Along with error code 0x80070643 in the XML view.