KB5031901 is the latest security update for .NET 7.0. The update was released on 10 October 2023 as part of the ‘Patch Tuesday’ project.
Salient points
- KB5031901 will update the .NET 7.0 framework or environment to version .NET 7.0.12.
- The preceding or previous .NET 7.0 version was 7.0.11. It was released as part of the September 2023 update cycle.
- When you install the latest .NET version, the previous .NET version will be automatically removed. So, .NET 7.0.12 will remove .NET 7.0.11 before the version gets installed.
- .NET 7.0.12 is available for Windows, macOS, and Linux installations.
- Your system or server will reboot after applying the KB5031901 security update.
- The Windows installer files are available for x64, ARM64, and x86 system architectures.
- .NET SDK installers include the .NET Runtime and ASP.NET Runtime. So, separate installation of these runtime environments is not needed.
- .NET SDK is recommended if you intend to develop and build applications. You could install one of the runtimes packages (like ASP.NET Core) to run applications
The .NET 7.0.12 framework will upgrade the runtime environments to the following versions:
- ASP.NET Core Runtime 7.0.12 – includes IIS runtime support (ASP.NET Core Module v2) 17.0.23273.12
- .NET Desktop Runtime 7.0.12
- .NET Runtime 7.0.12
- .NET SDK 7.0.112 – includes .NET Runtime 7.0.12, ASP.NET Core Runtime 7.0.12, NET Desktop Runtime 7.0.12
Vulnerabilities
- .NET 7.0 is affected by 3 security vulnerabilities.
- Out of these 3 vulnerabilities, CVE-2023-44487 is a zero-day threat. It has already been exploited and is publicly disclosed.
- ASP.NET 7.0 is affected by a single zero-day threat CVE-2023-44487.
The current version of .NET 7.0.12 resolves the following vulnerabilities for .NET 7.0 and ASP.NET Core 7.0:
| Framework | Vulnerability | CVSS Score | Impact | Severity |
|---|---|---|---|---|
| .NET 7.0 | CVE-2023-38171 | 7.5 | Denial of Service | Important |
| .NET 7.0 | CVE-2023-36435 | 7.5 | Denial of Service | Important |
| .NET 7.0 | CVE-2023-44487 | Denial of Service | Important | |
| ASP.NET 7.0 | CVE-2023-44487 | Denial of Service | Important |
You can see that CVE-2023-44487 affects .NET 7.0 and ASP.NET Core 7.0. This is a ‘Denial of Service’ vulnerability that could be caused by the HTTP/2 Rapid Reset Attack.
The threat has been resolved in KB5031901. Alternatively, you could mitigate this threat using a registry value.
To mitigate CVE-2023-44487, you can disable the HTTP/2 protocol on the server by following the approach below:
- Use the registry editor to open the hive: HKLM\SYSTEM\CurrentControlSet\Services\HTTP\Parameters
- Set DWORD EnableHttp2Tls to 0
- Set DWORD EnableHttp2Cleartext to 0.
This will disable the HTTP/2 protocol on the server.
To enable the HTTP/2 protocol, the DWORD value for both should change from value 0 to 1 value.
.NET 7.0 Compatible Windows Operating Systems
.NET 7.0 framework is compatible with the following Windows operating systems:
- Windows 11
- Windows Server 2022
- Windows Server version 1903 or higher
- Windows 10 version 1607 or higher
- Windows Server 2019
- Windows Server 2016
- Windows Server 2012
- Windows Server 2012 R2
- Windows Server Core 2012
- Windows Server Core 2012 R2
- Nano Server version 1909 and later
The .NET 7.0 framework is not compatible with:
- Windows 8.1
- Windows 7 Service Pack 1ESU
- Nano Server version 1803
As of now, Microsoft supports .NET 6.0 and .NET 7.0 frameworks. The following .NET frameworks are not supported:
- .NET 5
- .NET Core 3.1
- .NET Core 3.0
- .NET Core 2.2
- .NET Core 2.1
- .NET Core 2.0
Download .NET 7.0
.NET 7.0.12 security update can be downloaded as .NET Runtime, ASP.NET Runtime, Desktop Runtime or .NET SDK downloads.
We look at the ready reference links for downloading .NET 7.0.12 for each of these environments below:
Download ASP.NET Core Runtime 7.0.12
You can download ASP.NET Core Runtime 7.0.12 as a binary or as an installer file. The download links for various system architectures are shared below.
| System Architecture | Download link for KB5031901 ASP.NET Core runtime |
|---|---|
| x64 | Direct download .NET 7.0.12 Core Runtime for x64 |
| x64 | x64 installer for .NET 7.0.12 Core Runtime |
| x86 | Direct download .NET 7.0.12 Core Runtime for x86 |
| x86 | x86 installer for .NET 7.0.12 Core Runtime |
Download .NET Runtime 7.0.12
The .NET Runtime 7.0.12 is part of the security update KB5031901. You can use the direct download link for the .NET Runtime. Or, you could use the installer files instead.
Download .NET Desktop Runtime 7.0.12
The .NET Desktop Runtime 7.0.12 also includes the .NET Runtime 7.0.12.
The .NET Desktop Runtime 7.0.12 for KB501901 security update can be downloaded from the following links:
Download .NET SDK 7.0.112
The .NET SDK 7.0.112 includes:
- NET Runtime 7.0.12
- ASP.NET Core Runtime 7.0.12
- .NET Desktop Runtime 7.0.12
So, if you were to use .NET SDK 7.0.112, there is no need for separate installation of the .NET Runtime and the ASP.NET Core Runtime.
| System architecture | Download KB5031901 .NET SDK 7.0.112 |
|---|---|
| x64 | Download KB5031901 .NET SDK 7.0.112 Runtime from Dotnet |
| x64 | Direct download link for KB5031901 .NET SDK 7.0.112 |
| x86 | Download KB5031901 .NET SDK 7.0.112 from Dotnet |
| x86 | Direct download link for KB5031901 .NET SDK 7.0.112 |
| ARM64 | Download KB5031901 .NET SDK 7.0.112 from Dotnet |
| ARM64 | Direct download link for KB5031901 .NET SDK 7.0.112 |
Checksum values
Post download of the Runtime installer files, you may want to verify the checksum values of each file. The table below contains Checksum values for the various installer files.
| Runtime | Checksum values for KB5031901 |
|---|---|
| .NET Runtime 7.0.12 for x64 | 87b6ac2b1356a48be409c89c11a44093e124a18d8dcca8afa49e7da9dbea416b0024dc0c12fdd44b9047c3dde38979595a301d3102a4f6110132e610f468a4bd |
| .NET Runtime 7.0.12 for x86 | 36f49b417d30a5901ae18fdc7ed540ea88851ef449f34460f580fedcdf0644365989ff0d421584e3a52da6eca394a1327b7c118f4b2b053b875d2064fbd8a1ad |
| .NET Runtime 7.0.12 for ARM64 | f1e258c048588fdddc4141545bf44d2288ba99d798f8d24d31eb03691e73a223fda111835dafb84af7234532546792320deed5a95dafe9ec2254035a05c2c4a3 |
| .NET Desktop Runtime 7.0.12 for x64 | a366e858eaca7330358ef5d7a7efada45cc64284e36ba9f7722fa1a1644b1b34b343e700ce718ef67d08c7abf718eff7aefb4d5909ca7b5f63b4056b132c83de |
| .NET Desktop Runtime 7.0.12 for x86 | ce33129b2c6efe948b1eed73d127e3a5b0bd0af727474c2b8971b9075e37137cd985e58d2e47b9b1f0152a527eac98545e6cdb40054a34a6e3286601069ce259 |
| .NET Desktop Runtime 7.0.12 for ARM64 | 1623a026b9f247dd503c05fafcd8ce05d7a1fd6109eaae0d0aed00b579729fc7084df23f5a60dd300d5ba23aef9c50b4ebb0871b3e26f682da406f2f72afc65f |
| ASP.NET Runtime 7.0.12 for x64 | 8b77e3d3084e5b5904a8e18b6294bec1a8ee9a3ca52713a9237ee411737bca7bd890d2616a92fc4d55fdd4be2097ab05b0e7e88f48cb36699826ede5e16f7899 |
| ASP.NET Runtime 7.0.12 for x86 | 7ee68298dfa31c65968a9d89d407d73581b1262bbc568c02eadcc85b40e4cadf2a1526152a1f35e91fa978feaa269895b3f50445f20ef680feec5fd9cdbebaf8 |
| .NET SDK 7.0.112 for x64 | 50c46de170af9644872f88540998767ec6d858db474e1b3c0335c38a914ca466d579c048666ec0a1a1a9109669ebee3cf6c65feb83109eddf479cbde6815ccf4 |
| .NET SDK 7.0.112 for x86 | 8e8ae769b5931ce25495ae8eb65b13126e1b71406491cf4292318a413b752a04d8029eca20a95fe803f191f96d1b6706f16023902ce792635053ca64358206a0 |
| .NET SDK 7.0.112 for ARM64 | 01becb13a70466b0b9f454f6ef661bec60c24f0d22ccb82971557dc9adabb038135ac53862235950e83325bfb6d4fdcb298c366fdf7f7a03208d10d6244a038f |
October 2023 Cumulative or Security updates
You may also like to refer to the following cumulative updates or security updates released in October 2023:
- KB5031901 Update for .NET 7.0
- KB5031407 Security Update for Windows Server 2012 R2
- KB5031427 Security Update for Windows Server 2012
- KB5031419 Monthly Rollup for Windows Server 2012 R2
- KB5031442 Monthly Rollup Update for Windows Server 2012
- KB5031364 Cumulative Update for Windows Server 2022
- KB5031362 Cumulative Update for Windows Server 2016
- KB5031361 Cumulative Update for Windows Server 2019
Rajesh Dhawan is a technology professional who loves to blog about smart wearables, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.