Microsoft has now also updated some “Security Update Releases” after the bug fixes for Windows 10 for Patch Day May. Among other things, this involves security-related changes for the .NET Framework and .NET Core.
It had previously become known that some users had problems installing the security updates. There is currently no precise information on how widespread the problem is and which operating system versions were affected. Microsoft has now revised some of the updates released for Patch Day on May 12th. The group has revised the corresponding update guides and published the changes for the .NET Framework and .NET Core.
Only the update for CVE-2020-1108 was included in the revision, the update was classified as important. Also new is the inclusion of PowerShell Core 6.2 and 7.0, as these are also affected. The security update is available for Windows 7, 8.1, 10 and the server versions 2008, 2012, 2016, and 2019, among others. According to Microsoft, no cases of exploitation of vulnerability are known.
- A denial of service vulnerability exists when the .NET Core or .NET Framework improperly handles web requests. An attacker who successfully exploited this vulnerability could cause a denial of service for a .NET Core or .NET Framework web application. The vulnerability could be exploited remotely and without authentication.
- An unauthenticated remote attacker could exploit this vulnerability by placing specially crafted requirements on the .NET Core or .NET Framework application.
The update addresses the vulnerability by correcting how the .NET Core or .NET Framework web application handles web requests.