If at first you don’t succeed, .Net, .Net, .Net again
Credit to Author: Woody Leonhard| Date: Tue, 31 Jul 2018 05:49:00 -0700
July will go down in the Microsoft Patching Halls of Infamy as one of the worst months ever. Every version of Win10 got three big cumulative updates, and a fourth should be hot on their heels. Let that sink in for a second: Windows patches used to come out once a month, then twice, and now we’re up to three or four a month, sprinkled on random days of the month. And they’re big bunches of fixes.
July .Net patches started falling over shortly after they were released. The bad patches took down many of Microsoft’s own products. Four attempts to fix the problems in two weeks left Microsoft advising that you yank them if you have them.
Yesterday afternoon, Microsoft released a hefty bunch of .Net patches, and a single patch for Windows itself — one for Win10 1607/Server 2016. Microsoft did not release .Net fixes for Win10 1703, 1709 or 1803.
Here are the fixed KB articles, per Microsoft’s KB 4345913:
KB 4346877 Update for Windows 10, version 1607 and Windows Server 2016: July 30, 2018
KB 4346406 Update for .Net Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 and 4.7.2 on Windows 8.1, RT 8.1 and Server 2012 R2 (KB 4346406): July 30, 2018
KB 4346405 Update for .Net Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 and 4.7.2 on Windows Server 2012 (KB 4346405): July 30, 2018
KB 4346407 Update for .Net Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 and 4.7.2 on Windows 7 SP1 and Server 2008 R2 SP1 and .Net Framework 4.6 on Server 2008 SP2 (KB 4346407): July 30, 2018
KB 4346408 Update for .Net Framework 4.5.2 on Windows 8.1, RT 8.1 and Server 2012 R2 (KB 4346408): July 30, 2018
KB 4346739 Update for .Net Framework 4.5.2 on Windows Server 2012 (KB 4346739): July 30, 2018
KB 4346410 Update for .Net Framework 4.5.2 on Windows 7 SP1, Server 2008 R2 SP1 and Server 2008 SP2 (KB 4346410): July 30, 2018
KB 4346745 Update for .Net Framework 3.5 SP1 on Windows 8.1, RT 8.1 and Server 2012 R2 (KB 4346745): July 30, 2018
KB 4346742 Update for .Net Framework 3.5 SP1 on Windows Server 2012 (KB 4346742): July 30, 2018
KB 4346744 Update for .Net Framework 3.5.1 on Windows 7 SP1 and Windows Server 2008 R2 SP1 (KB 4346744): July 30, 2018
KB 4346743 Update for .Net Framework 2.0 SP2 and 3.0 SP2 on Windows Server 2008 SP2 (KB 4346743): July 30, 2018
You can see a full list of individual patches in the Microsoft Update Catalog.
Tellingly, the KB entries for the latest cumulative updates for Win10 versions 1703, 1709 and 1803 all say:
After you install any of the July 2018 .NET Framework Security Updates, a COM component fails to load because of “access denied,” “class not registered,” or “internal failure occurred for unknown reasons” errors. The most common failure signature is the following:
Exception type: System.UnauthorizedAccessException
Message: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))
Microsoft is working on a resolution and will provide an update in an upcoming release.
Except, of course, it hasn’t provided a resolution.
The Security TechCenter Security Advisory for CVE-2018-8356 | .NET Framework Security Feature Bypass Vulnerability hasn’t been updated, as yet.
I haven’t yet seen any reports of problems with this, the fifth version of the July .Net patches — but the day is yet young.
Angry? Help us spit into the wind on the AskWoody Lounge.