Microsoft just announced that it has re-issued the buggy July .NET Security Only patches identified as CVE–2020-1147, and covering a gazillion differ
[See the full post at: Microsoft re-releases buggy July .NET Security Only patches]
![]() |
There are isolated problems with current patches, but they are well-known and documented on this site. |
SIGN IN | Not a member? | REGISTER | PLUS MEMBERSHIP |
-
Microsoft re-releases buggy July .NET Security Only patches
Home » Forums » Newsletter and Homepage topics » Microsoft re-releases buggy July .NET Security Only patches
- This topic has 15 replies, 10 voices, and was last updated 2 years, 7 months ago.
AuthorTopicwoody
ManagerViewing 6 reply threadsAuthorReplies-
GoneToPlaid
AskWoody Lounger -
Paul T
AskWoody MVP
-
Alex5723
AskWoody PlusFrom Microsoft.
Summary
=======The following CVEs have undergone a major revision increment:
* CVE-2019-1181
* CVE-2019-1182
* CVE-2020-1147Revision Information:
=====================* CVE-2019-1181
– CVE-2019-1181 | Remote Desktop Services Remote Code Execution Vulnerability
– https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-1181– Version 2.0
– Reason for Revision: Revised the Security Updates table to add Microsoft Remote
Desktop for Android, Microsoft Remote Desktop for Mac, and Microsoft Remote Desktop
for Mac IoS because these apps are affected by this vulnerability. Microsoft
recommends that customers running any of these apps install the latest security
update to be fully protected from this vulnerability. Please see the FAQ section
for information on how to get these updates.
– Originally posted: August 13, 2020
– Updated: October 13, 2020
– Aggregate CVE Severity Rating: Critical* CVE-2019-1182
– CVE-2019-1182 | Remote Desktop Services Remote Code Execution Vulnerability
– https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-1182– Version 2.0
– Reason for Revision: Revised the Security Updates table to add Microsoft Remote
Desktop for Android, Microsoft Remote Desktop for Mac, and Microsoft Remote Desktop
for Mac IoS because these apps are affected by this vulnerability. Microsoft
recommends that customers running any of these apps install the latest security
update to be fully protected from this vulnerability. Please see the FAQ section
for information on how to get these updates.
– Originally posted: August 13, 2020
– Updated: October 13, 2020
– Aggregate CVE Severity Rating: Critical* CVE-2020-1147
– CVE-2020-1147 | .NET Framework, SharePoint Server, and Visual Studio Remote Code
Execution Vulnerability
– https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-1147– Version 2.0
– Reason for Revision: To comprehensively address CVE-2020-1147, Microsoft has released
the following: October Security Updates for all affected versions of .NET Framework
installed on Windows 10; October 2020 Monthly Rollup updates AND updated versions of
the Security Only updates released in July 2020 for all affected versions of .NET
Framework installed on Windows 8.1, Windows Server 2012 R2, Windows Server 2012,
Windows 7, Windows Server 2008 R2, and Windows Server 2008. Microsoft strongly
recommends that customers install the updates to be fully protected from the
vulnerability. Customers who install the Security Only updates should ensure that
they re-install the updates after October 13. Customers whose systems are configured
to receive automatic updates do not need to take any further action.
– Originally posted: July 14, 2020
– Updated: October 13, 2020
– Aggregate CVE Severity Rating: Critical**************************************************************************************
1 user thanked author for this post.
anonymous
Guest-
PKCano
ManagerThis is NOT the .Net Security & Quality Rollup issued through Windows Update.
It is a Security-only Rollup that is downloadable from the Microsoft Catalog only.The recommendation is NOT to install the buggy July patch.
The recommendation is to install the FIXED patch re-released on Oct. 13 Patch Tuesday to correct the bugs in the July update.
CraigS26
AskWoody PlusIs this the KB (4578974) .NET patch?
Ref Buggy July Patch fix ….Yes for my 1909. Search showed 7/14/20 Orig Publish and latest Oct 13 ’20.
W10 Pro 22H2 / Hm-Stdnt Ofce '16 C2R / HP Envy Desk-Ethernet - SSD-HDD/ i5(8th Gen) 12GB / GP=2 + FtrU=Semi-Annual + Feature Defer = 1 + QU=0
-
This reply was modified 2 years, 7 months ago by
CraigS26.
DKThompson
AskWoody PlusInstall .NET patches or NOT install????
In Ms Bradley’s 12 Oct 2020 article “How to block the Windows 10 October 2020 Update, version 20H2, from installing”
Under step 3, she said “If you’re on version 1909 or 2004, don’t click that link. If you want to avoid installing Windows 10 version 20H2, don’t click the Download and install link. And always remember — you don’t want to click Check for updates, as this will offer up optional .NET updates on your system that you don’t want installed.”
On Oct 13, 2020 Woody posted this note: “Microsoft re-releases buggy July .NET Security Only patches” where he said “Anyway, if you see a .NET patch from July suddenly appear in October, you need to install it, and now you know why.”
Please advise what the .NET patch means to the average user and when should they be installed
—————————————
Win Pro 2004 OS Build 19041.508-
PKCano
ManagerThe .NET patches in question were Security-only for Win7 and Win8.1 that were downloadable only from the MS Catalog. If you have not been downloading SOs and manually installing them, you have nothing to worry about.
However, if this was your case, for Win7 see #2304011
If you need the info about Win8.1 .NET SO patches re-released from July, let me know ans I will give you the necessary links.The .NET patches for Win10 are Previews, not the Patch Tuesday Security .NET CUs. We don’t recommend installing Previews, so that is what Susan was referring to.
1 user thanked author for this post.
-
anonymous
GuestIn the title, or immediately below the title in a subtitle/other entry one must always include the OSs affected 7, and/or 8/8.1 and/or 10/versions. But “Security Only” does give a hint that it’s 7/8/8.1 sort of issue, if I’m correct.
I’m Windows 10 Home(1909), take it all eventually, Edition after all the Pause Updates clicks expire.
1 user thanked author for this post.
-
PKCano
ManagerYou are right about including the version numbers.
BUT, Win10 does not have Security-only patches of any kind. So you would not be seeing anything like that.
Win7/8.1 Security-only patches are never released through Windows Update. They are MS Catalog download only and manual install. So even Win7/8.1 users would not receive them unknowingly.
1 user thanked author for this post.
-
-
J9438
AskWoody Plus-
PKCano
ManagerThe re-released .NET Security-only patches are for WIn7 and Win8.1 only. They are not even issued through Windows Update for these two versions. They are manual download/install only.
They are NOT for Win10. Win10 does not have Security-only anything.
1 user thanked author for this post.
PerthMike
AskWoody PlusThe re-released .NET Security-only patches are for WIn7 and Win8.1 only. They are not even issued through Windows Update for these two versions. They are manual download/install only.
They are NOT for Win10. Win10 does not have Security-only anything.
Also for Windows 8/2012 Server.
No matter where you go, there you are.
Viewing 6 reply threads -

Plus Membership
Donations from Plus members keep this site going. You can identify the people who support AskWoody by the Plus badge on their avatars.
AskWoody Plus members not only get access to all of the contents of this site -- including Susan Bradley's frequently updated Patch Watch listing -- they also receive weekly AskWoody Plus Newsletters (formerly Windows Secrets Newsletter) and AskWoody Plus Alerts, emails when there are important breaking developments.
Get Plus!
Welcome to our unique respite from the madness.
It's easy to post questions about Windows 11, Windows 10, Win8.1, Win7, Surface, Office, or browse through our Forums. Post anonymously or register for greater privileges. Keep it civil, please: Decorous Lounge rules strictly enforced. Questions? Contact Customer Support.
Search Newsletters
Search Forums
View the Forum
Search for Topics
Recent Topics
-
Can we control the changes to our operating systems?
by
Susan Bradley
24 minutes ago -
Watch out for fake ‘Windows Defender’ scare
by
B. Livingston
18 minutes ago -
Diagnostics and testing? Get it all done in a flash.
by
Ben Myers
2 hours, 21 minutes ago -
Dip your toe into Visio Online
by
Peter Deegan
2 hours, 22 minutes ago -
Updating Win 10 Pro 21H2 to 22H2
by
bsqrd
9 hours, 48 minutes ago -
Changing mouse pointer options.
by
Artie
2 hours ago -
Desktop or Laptop? What’s your choice?
by
Susan Bradley
6 hours, 14 minutes ago -
Anyone use Auslogics Bitreplica
by
WSjcgc50
1 day, 3 hours ago -
Unleashing the Gaming Revolution: CrossOver Mac’s DirectX 12 Support Update!
by
Alex5723
1 day, 16 hours ago -
Defender’s Offline Scan Fails to Run
by
E Pericoloso Sporgersi
23 hours, 3 minutes ago -
Mouse problem : cannot grab a window without maximizing it
by
Andy M
1 day, 5 hours ago -
End of support for Cortana in Windows
by
Alex5723
15 hours, 49 minutes ago -
Microsoft is really missing an advertising trick
by
Sky
1 day, 15 hours ago -
New MOVEit Transfer zero-day mass-exploited in data theft attacks
by
Alex5723
2 days, 15 hours ago -
Windows 11 Insider Preview build 25381 released to Canary
by
joep517
2 days, 15 hours ago -
Authenticating Email Address
by
IreneLinda
1 day, 15 hours ago -
Confusion about password protecting a folder in W10
by
Cthru
2 days, 18 hours ago -
I broke my right arm yesterday
by
Alex5723
18 hours, 50 minutes ago -
Kaspersky : iOS devices targeted with previously unknown malware
by
Alex5723
2 days, 14 hours ago -
Which Updates From Each List Are Safe to Install ?
by
TheFamilyIT
7 hours, 23 minutes ago -
AOL changes its web based email
by
Charlie
2 days, 13 hours ago -
Windows 11 Insider Preview build 23471 released to DEV
by
joep517
3 days, 16 hours ago -
Windows 11 Insider Preview Build 22621.1830 and 22624.1830 released to BETA
by
joep517
3 days, 16 hours ago -
Spyboy Defense Evasion Tool Advertised Online
by
Alex5723
3 days, 23 hours ago -
Gigabyte motherboards backdoor
by
Alex5723
2 days, 14 hours ago -
numbering in a table
by
RopyDavits
3 days, 9 hours ago -
LMDE 5 32-bit dual boot on seperatd drives
by
bassmanzam
1 day, 7 hours ago -
Microsoft ends 2017 Surface Book 2 support
by
Alex5723
4 days, 15 hours ago -
My monitors won’t turn on
by
Rush2112
11 hours ago -
AMD Software Failed to Launch Because Windows Update Has Replaced the AMD…
by
Alex5723
5 days, 2 hours ago
Recent blog posts
- Can we control the changes to our operating systems?
- Watch out for fake ‘Windows Defender’ scare
- Diagnostics and testing? Get it all done in a flash.
- Dip your toe into Visio Online
- Desktop or Laptop? What’s your choice?
- Beware of Google’s .ZIP domain and password-embedded URLs
- Longstanding feature requests, and their status
- Three typing tutors — no more “hunt and peck”
Key Links
Want to Advertise in the free newsletter? How about a gift subscription in honor of a birthday? Send an email to sb@askwoody.com to ask how.
Mastodon profile for DefConPatch
Mastodon profile for AskWoody
Home • About • FAQ • Posts & Privacy • Forums • My Account
Register • Free Newsletter • Plus Membership • Gift Certificates • MS-DEFCON Alerts
Copyright ©2004-2023 by AskWoody Tech LLC. All Rights Reserved.