Microsoft just announced that it has re-issued the buggy July .NET Security Only patches identified as CVE–2020-1147, and covering a gazillion differ
[See the full post at: Microsoft re-releases buggy July .NET Security Only patches]
![]() |
There are isolated problems with current patches, but they are well-known and documented on this site. |
SIGN IN | Not a member? | REGISTER | PLUS MEMBERSHIP |
-
Microsoft re-releases buggy July .NET Security Only patches
Home » Forums » Newsletter and Homepage topics » Microsoft re-releases buggy July .NET Security Only patches
- This topic has 15 replies, 11 voices, and was last updated 2 years, 11 months ago.
AuthorTopicwoody
ManagerViewing 6 reply threadsAuthorReplies-
GoneToPlaid
AskWoody Lounger -
Paul T
AskWoody MVP
-
Alex5723
AskWoody PlusFrom Microsoft.
Summary
=======The following CVEs have undergone a major revision increment:
* CVE-2019-1181
* CVE-2019-1182
* CVE-2020-1147Revision Information:
=====================* CVE-2019-1181
– CVE-2019-1181 | Remote Desktop Services Remote Code Execution Vulnerability
– https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-1181– Version 2.0
– Reason for Revision: Revised the Security Updates table to add Microsoft Remote
Desktop for Android, Microsoft Remote Desktop for Mac, and Microsoft Remote Desktop
for Mac IoS because these apps are affected by this vulnerability. Microsoft
recommends that customers running any of these apps install the latest security
update to be fully protected from this vulnerability. Please see the FAQ section
for information on how to get these updates.
– Originally posted: August 13, 2020
– Updated: October 13, 2020
– Aggregate CVE Severity Rating: Critical* CVE-2019-1182
– CVE-2019-1182 | Remote Desktop Services Remote Code Execution Vulnerability
– https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-1182– Version 2.0
– Reason for Revision: Revised the Security Updates table to add Microsoft Remote
Desktop for Android, Microsoft Remote Desktop for Mac, and Microsoft Remote Desktop
for Mac IoS because these apps are affected by this vulnerability. Microsoft
recommends that customers running any of these apps install the latest security
update to be fully protected from this vulnerability. Please see the FAQ section
for information on how to get these updates.
– Originally posted: August 13, 2020
– Updated: October 13, 2020
– Aggregate CVE Severity Rating: Critical* CVE-2020-1147
– CVE-2020-1147 | .NET Framework, SharePoint Server, and Visual Studio Remote Code
Execution Vulnerability
– https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-1147– Version 2.0
– Reason for Revision: To comprehensively address CVE-2020-1147, Microsoft has released
the following: October Security Updates for all affected versions of .NET Framework
installed on Windows 10; October 2020 Monthly Rollup updates AND updated versions of
the Security Only updates released in July 2020 for all affected versions of .NET
Framework installed on Windows 8.1, Windows Server 2012 R2, Windows Server 2012,
Windows 7, Windows Server 2008 R2, and Windows Server 2008. Microsoft strongly
recommends that customers install the updates to be fully protected from the
vulnerability. Customers who install the Security Only updates should ensure that
they re-install the updates after October 13. Customers whose systems are configured
to receive automatic updates do not need to take any further action.
– Originally posted: July 14, 2020
– Updated: October 13, 2020
– Aggregate CVE Severity Rating: Critical**************************************************************************************
1 user thanked author for this post.
anonymous
Guest-
PKCano
ManagerThis is NOT the .Net Security & Quality Rollup issued through Windows Update.
It is a Security-only Rollup that is downloadable from the Microsoft Catalog only.The recommendation is NOT to install the buggy July patch.
The recommendation is to install the FIXED patch re-released on Oct. 13 Patch Tuesday to correct the bugs in the July update.
CraigS26
AskWoody PlusIs this the KB (4578974) .NET patch?
Ref Buggy July Patch fix ….Yes for my 1909. Search showed 7/14/20 Orig Publish and latest Oct 13 ’20.
W10 Pro 22H2 / Hm-Stdnt Ofce '16 C2R / HP Envy Desk-Ethernet - SSD-HDD/ i5(8th Gen) 12GB / GP=2 + FtrU=Semi-Annual + Feature Defer = 1 + QU=0
-
This reply was modified 2 years, 11 months ago by
CraigS26.
DKThompson
AskWoody PlusInstall .NET patches or NOT install????
In Ms Bradley’s 12 Oct 2020 article “How to block the Windows 10 October 2020 Update, version 20H2, from installing”
Under step 3, she said “If you’re on version 1909 or 2004, don’t click that link. If you want to avoid installing Windows 10 version 20H2, don’t click the Download and install link. And always remember — you don’t want to click Check for updates, as this will offer up optional .NET updates on your system that you don’t want installed.”
On Oct 13, 2020 Woody posted this note: “Microsoft re-releases buggy July .NET Security Only patches” where he said “Anyway, if you see a .NET patch from July suddenly appear in October, you need to install it, and now you know why.”
Please advise what the .NET patch means to the average user and when should they be installed
—————————————
Win Pro 2004 OS Build 19041.508-
PKCano
ManagerThe .NET patches in question were Security-only for Win7 and Win8.1 that were downloadable only from the MS Catalog. If you have not been downloading SOs and manually installing them, you have nothing to worry about.
However, if this was your case, for Win7 see #2304011
If you need the info about Win8.1 .NET SO patches re-released from July, let me know ans I will give you the necessary links.The .NET patches for Win10 are Previews, not the Patch Tuesday Security .NET CUs. We don’t recommend installing Previews, so that is what Susan was referring to.
1 user thanked author for this post.
-
anonymous
GuestIn the title, or immediately below the title in a subtitle/other entry one must always include the OSs affected 7, and/or 8/8.1 and/or 10/versions. But “Security Only” does give a hint that it’s 7/8/8.1 sort of issue, if I’m correct.
I’m Windows 10 Home(1909), take it all eventually, Edition after all the Pause Updates clicks expire.
1 user thanked author for this post.
-
PKCano
ManagerYou are right about including the version numbers.
BUT, Win10 does not have Security-only patches of any kind. So you would not be seeing anything like that.
Win7/8.1 Security-only patches are never released through Windows Update. They are MS Catalog download only and manual install. So even Win7/8.1 users would not receive them unknowingly.
1 user thanked author for this post.
-
-
J9438
AskWoody Lounger-
PKCano
ManagerThe re-released .NET Security-only patches are for WIn7 and Win8.1 only. They are not even issued through Windows Update for these two versions. They are manual download/install only.
They are NOT for Win10. Win10 does not have Security-only anything.
1 user thanked author for this post.
PerthMike
AskWoody PlusThe re-released .NET Security-only patches are for WIn7 and Win8.1 only. They are not even issued through Windows Update for these two versions. They are manual download/install only.
They are NOT for Win10. Win10 does not have Security-only anything.
Also for Windows 8/2012 Server.
No matter where you go, there you are.
Viewing 6 reply threads -

Plus Membership
Donations from Plus members keep this site going. You can identify the people who support AskWoody by the Plus badge on their avatars.
AskWoody Plus members not only get access to all of the contents of this site -- including Susan Bradley's frequently updated Patch Watch listing -- they also receive weekly AskWoody Plus Newsletters (formerly Windows Secrets Newsletter) and AskWoody Plus Alerts, emails when there are important breaking developments.
Get Plus!
Welcome to our unique respite from the madness.
It's easy to post questions about Windows 11, Windows 10, Win8.1, Win7, Surface, Office, or browse through our Forums. Post anonymously or register for greater privileges. Keep it civil, please: Decorous Lounge rules strictly enforced. Questions? Contact Customer Support.
Search Newsletters
Search Forums
View the Forum
Search for Topics
Recent Topics
-
A.I. and AskWoody
by
WCHS
57 minutes ago -
Where is Windows Update?
by
bsfinkel
3 hours, 15 minutes ago -
mailwasher
by
jferr333
3 hours, 43 minutes ago -
Windows Photos
by
Linda2019
4 hours, 32 minutes ago -
OT QuickBooks payroll module not letting you efile 941
by
Susan Bradley
5 hours, 31 minutes ago -
MSA logins have been retired from DPC May 1st
by
Cormy1
5 hours, 29 minutes ago -
Administrator Lock
by
John Monge
9 hours, 29 minutes ago -
Skype cancels loopback audio
by
Steven
13 hours, 21 minutes ago -
Python re-installation
by
WSepzcaw
11 hours, 45 minutes ago -
Finally updated to Thunderbird 115
by
EricB
4 hours, 14 minutes ago -
Hard drive boot up problem in Windows AND Linux
by
rkacmar
21 hours, 20 minutes ago -
WSUS fails to download monthly Cumulative Update for Windows 11 Version 22H2
by
Bruce23
4 hours, 44 minutes ago -
Excel tone
by
WSmmi16
9 hours, 26 minutes ago -
Wait for the bugs to be worked out
by
Susan Bradley
15 hours, 53 minutes ago -
What Windows Really Needs [Pure OPINION]
by
RetiredGeek
8 hours, 8 minutes ago -
“Winmail.dat” attachments when email is sent from Outlook to Thunderbird
by
MrJimPhelps
1 day ago -
win 11 22H2 Memory itegrity error
by
krism
1 day, 7 hours ago -
McLaren Health Care 6TB data breach
by
Microfix
21 hours, 33 minutes ago -
Long Live the Red Envelope Era | Farewell to DVDs | Netflix
by
Alex5723
1 day, 10 hours ago -
Faststone Image Viewer updates
by
Alex5723
2 days, 12 hours ago -
Malicious ad served inside Bing’s AI chatbot
by
Alex5723
2 days, 12 hours ago -
win10 pro 22H2 current minus 1 mo,to, win11. suggestions…
by
krism
2 days, 1 hour ago -
Microsoft entered negotiations to sell Bing to Apple in 2020
by
Alex5723
2 days, 22 hours ago -
X CEO shows her iPhone’s Home Screen – and X isn’t there
by
Alex5723
2 days, 23 hours ago -
Keeping an older Mac secure
by
Susan Bradley
2 days, 23 hours ago -
Thunderbird – problem ”setting up existing email address”
by
stajourneyman
11 minutes ago -
Windows 11 Insider Preview build 23555 released to DEV
by
joep517
3 days, 10 hours ago -
Something didn’t go as planned KB5030310, KB 5030219
by
Donald Wyllie
1 day, 23 hours ago -
“Enhanced” search box
by
WSraysig
3 days, 11 hours ago -
Windows Ends Installation Path for Free Windows 7/8 Upgrade
by
Alex5723
3 days, 12 hours ago
Recent blog posts
- Wait for the bugs to be worked out
- MS-DEFCON 4: Is Windows 11 really a disaster?
- Windows 11, Surface, and Windows Copilot
- Why File Explorer keeps me on Windows
- Uninstalr — “World’s best cup of coffee”
- Locked out of your refurbished computer?
- What happened to the manual?
- Apple zero days out – September 2023
Key Links
S | M | T | W | T | F | S |
---|---|---|---|---|---|---|
1 | 2 | 3 | 4 | 5 | 6 | 7 |
8 | 9 | 10 | 11 | 12 | 13 | 14 |
15 | 16 | 17 | 18 | 19 | 20 | 21 |
22 | 23 | 24 | 25 | 26 | 27 | 28 |
29 | 30 | 31 |
Want to Advertise in the free newsletter? How about a gift subscription in honor of a birthday? Send an email to sb@askwoody.com to ask how.
Mastodon profile for DefConPatch
Mastodon profile for AskWoody
Home • About • FAQ • Posts & Privacy • Forums • My Account
Register • Free Newsletter • Plus Membership • Gift Certificates • MS-DEFCON Alerts
Copyright ©2004-2023 by AskWoody Tech LLC. All Rights Reserved.