If you are a Visual Studio user, there are MSBuild version requirements so use only the .NET Core SDK supported for each Visual Studio version. Information needed to make this choice will be seen on the download page. If you use other development environments, we recommend using the latest SDK release.

.NET Core 2.2.5 and .NET Core SDK

.NET Core 2.1.11 and .NET Core SDK

.NET Core 1.1.13 and .NET Core SDK

.NET Core 1.0.16 and .NET Core SDK

Welcome to the Microsoft Patch Day overview for May 2019. Microsoft released security updates and non-security updates for all supported versions of the Windows operating system -- client and server -- and other Microsoft products such as Microsoft Office on May 14, 2019.

Our overview provides you with information and resource links; we cover all major update releases for all Microsoft platforms, provide an overview of critical updates (which you may want to address quickly), operating system distribution statistics, and download instructions.

Microsoft plans to release the May 2019 Update for Windows 10 at the end of the month; check out this guide if you plan to update to the new feature update for Windows 10. If you take the disastrous Windows 10 version 1809 release into account, it is probably better to wait several months before you consider installing the update on production machines. Visual Studio Training

Microsoft Windows Security Updates May 2019

Expected updates in .NET Core

Security

.NET Core Tampering Vulnerability(CVE-2019-0820)

When .NET Core improperly processes RegEx strings, a denial of service vulnerability exists. In this case, the attacker who can successfully exploit this vulnerability can cause a denial of service against a .NET application. Even a remote unauthenticated attacker can exploit this vulnerability by issuing specially crafted requests to a .NET Core application.

This update addresses this vulnerability by correcting how .NET Core applications handle RegEx string processing.

This security advisory provides information about a vulnerability in .NET Core 1.0, 1.1, 2.1 and 2.2.

Denial of Service vulnerability in .NET Core and ASP.NET Core (CVE-2019-0980 & CVE-2019-0981)

When .NET Core and ASP.NET Core improperly handle web requests, denial of service vulnerability exists. An attacker who can successfully exploit this vulnerability can cause a denial of service against a .NET Core and ASP.NET Core application. This vulnerability can be exploited remotely and without authentication. A remote unauthenticated attacker can exploit this vulnerability by issuing specially crafted requests to a .NET Core application.

This update addresses this vulnerability by correcting how .NET Core and ASP.NET Core web applications handle web requests.

(.net online training )

This security advisory provides information about the two vulnerabilities (CVE-2019-0980 & CVE-2019-0981) in .NET Core and ASP.NET Core 1.0, 1.1, 2.1, and 2.2.

ASP.NET Core Denial of Service vulnerability(CVE-2019-0982)

When ASP.NET Core improperly handles web requests, a denial of service vulnerability exists. An attacker who can successfully exploit this vulnerability can cause a denial of service against an ASP.NET Core web application. This vulnerability can be exploited remotely and without authentication. A remote unauthenticated attacker can exploit this vulnerability by issuing specially crafted requests to the ASP.NET Core application.

This update addresses this vulnerability by correcting how the ASP.NET Core web application handles web requests.

This security advisory provides information about a vulnerability (CVE-2019-0982) in ASP.NET Core 2.1 and 2.2.

Getting the Update

The latest .NET Core updates are available on the .NET Core download page. This update is also included in the Visual Studio 15.0.22 (.NET Core 1.0 and 1.1) and 15.9.9 (.NET Core 1.0, 1.1 and 2.1) updates, which is also releasing today. Choose Check for Updates in the Help menu.

See the .NET Core release notes ( 1.0.16 | 1.1.13 | 2.1.11 | 2.2.5 ) for details on the release including issues fixed and affected packages.

Executive Summary

Microsoft released security updates for all supported versions of Windows.

All versions of Windows are affected by CVE-2019-0903,  a GDI+ Remote Code Execution Vulnerability critical vulnerability.

• Windows 7 is the only client system affected by another critical vulnerability CVE-2019-0708, Remote Desktop Services Remote Code Execution Vulnerability
• Microsoft released a security update for Windows XP (KB4500331)
• All server versions affected by CVE-2019-0725 | Windows DHCP Server Remote Code Execution Vulnerability.
• Server 2008 R2 only version affected by CVE-2019-0708 Remote Desktop Services Remote Code Execution Vulnerability.
• Other Microsoft products with security update release: IE, Edge, Team Foundation Server, SQL Server, Azure, Skype for Android, Office, Visual Studio, Azure DevOps Server, .Net Framework and Core, ASP.NET Core, chakra core, NuGet.
• The Update Catalog lists 243 updates.

Docker Images

.NET Docker images have been updated for today’s release. The following reports have been updated.

microsoft/dotnet

microsoft/dotnet-samples

microsoft/aspnetcore

Note: Look at the “Tags” view in each repository to see the updated Docker image tags.

Note: You must re-pull base images in order to get updates. The Docker client does not pull updates automatically.