[German]As of August 8, 2023, Microsoft has patched other software in addition to security updates for Windows and Office. There is a security update for Internet Explorer for various Windows Server versions. And there are also security updates for the .NET Framework for various versions. However, these .NET updates cause installation problems under Windows 11. Below is an addendum to these updates as a collective post.
IE Update KB5029243
Internet Explorer 11 has reached the end of support in Windows and has been replaced by Edge for many Windows versions. But for some Windows versions, Microsoft still provides security updates beyond the support end of the operating system versions, if an Extended Security Updates license has been purchased for them. As of August 8, 2023, Microsoft has released cumulative security update KB5029243 for the following Windows versions:
- Windows Server 2008 / R2
- Windows Server 2012 / R2
According to Microsoft, this security update is supposed to fix vulnerabilities in Internet Explorer (versions 9 and 11), although Microsoft does not disclose any further details. If the monthly rollup updates for the Windows Server versions in question are installed, the patch for Internet Explorer is already included. If security-only updates are used for the machine, the cumulative security update KB5029243 for Internet Explorer must be explicitly installed as well.
If a language pack is installed after installing this update, the IE update must be installed again. Therefore, Microsoft recommends that you install all required language packs before installing this update. Details of known issues and requirements can be found in support article KB5029243.
Updates for the various .NET Framework versions have also been delivered as of August 8, 2023. A list of the various updates including links to the Microsoft Update Catalog can be found on this web page. These .NET Framework updates are intended to address the following vulnerabilities:
- CVE-2023-36899: .NET Framework Remote Code Execution Vulnerability; This security update addresses a vulnerability in applications on IIS using their parent application's Application Pool which can lead to privilege escalation or other security bypasses.
- CVE-2023-36873: .NET Framework Spoofing Vulnerability; This security update addresses a vulnerability where unauthenticated remote attacker can sign ClickOnce deployments without a valid code signing certificate.
In addition, the updates still contain quality and reliability improvements, which can be read in the linked web page.
Installation problems with .NET Framework update KB5028949
Cumulative Update KB5028949 update KB5028949 for .NET Framework 3.5 and 4.8.1 cannot be installed in the Insider Previews of Windows 11 and Windows Server vNext, as can be read e.g. in this Techcommunity forum post. The colleagues from dekmodder.de report here that the installation problem occurs because the .NET Framework 3.5 from Windows is already installed. The Trusted Installer is said to crash. Therefore Windows tries to install the update repeatedly. Here, the update installation should be suspended until Microsoft fixes this issue.
Microsoft Security Update Summary (August 8, 2023)
Patchday: Windows 10 Updates (August 8, 2023)
Patchday: Windows 11/Server 2022 Updates (August 8, 2023)
Windows 7/Server 2008 R2; Server 2012 R2: Updates (August 8, 2023)
Microsoft Office Updates (August 8, 2023)
Cookies helps to fund this blog: Cookie settings