KB5031901 Update for .NET 7.0

KB5031901 is the latest security update for .NET 7.0. The update was released on 10 October 2023 as part of the ‘Patch Tuesday’ project.

Salient points

  • KB5031901 will update the .NET 7.0 framework or environment to version .NET 7.0.12.
  • The preceding or previous .NET 7.0 version was 7.0.11. It was released as part of the September 2023 update cycle.
  • When you install the latest .NET version, the previous .NET version will be automatically removed. So, .NET 7.0.12 will remove .NET 7.0.11 before the version gets installed.
  • .NET 7.0.12 is available for Windows, macOS, and Linux installations.
  • Your system or server will reboot after applying the KB5031901 security update.
  • The Windows installer files are available for x64, ARM64, and x86 system architectures.
  • .NET SDK installers include the .NET Runtime and ASP.NET Runtime. So, separate installation of these runtime environments is not needed.
  • .NET SDK is recommended if you intend to develop and build applications. You could install one of the runtimes packages (like ASP.NET Core) to run applications

The .NET 7.0.12 framework will upgrade the runtime environments to the following versions:

  • ASP.NET Core Runtime 7.0.12 – includes IIS runtime support (ASP.NET Core Module v2) 17.0.23273.12
  • .NET Desktop Runtime 7.0.12
  • .NET Runtime 7.0.12
  • .NET SDK 7.0.112 – includes .NET Runtime 7.0.12, ASP.NET Core Runtime 7.0.12, NET Desktop Runtime 7.0.12


  • .NET 7.0 is affected by 3 security vulnerabilities.
  • Out of these 3 vulnerabilities, CVE-2023-44487 is a zero-day threat. It has already been exploited and is publicly disclosed.
  • ASP.NET 7.0 is affected by a single zero-day threat CVE-2023-44487.

The current version of .NET 7.0.12 resolves the following vulnerabilities for .NET 7.0 and ASP.NET Core 7.0:

FrameworkVulnerabilityCVSS ScoreImpactSeverity
.NET 7.0CVE-2023-381717.5Denial of ServiceImportant
.NET 7.0CVE-2023-364357.5Denial of ServiceImportant
.NET 7.0CVE-2023-44487Denial of ServiceImportant
ASP.NET 7.0CVE-2023-44487Denial of ServiceImportant

You can see that CVE-2023-44487 affects .NET 7.0 and ASP.NET Core 7.0. This is a ‘Denial of Service’ vulnerability that could be caused by the HTTP/2 Rapid Reset Attack.

The threat has been resolved in KB5031901. Alternatively, you could mitigate this threat using a registry value.

To mitigate CVE-2023-44487, you can disable the HTTP/2 protocol on the server by following the approach below:

  1. Use the registry editor to open the hive: HKLM\SYSTEM\CurrentControlSet\Services\HTTP\Parameters
  2. Set DWORD EnableHttp2Tls to 0
  3. Set DWORD EnableHttp2Cleartext to 0.

This will disable the HTTP/2 protocol on the server.

To enable the HTTP/2 protocol, the DWORD value for both should change from value 0 to 1 value.

.NET 7.0 Compatible Windows Operating Systems

.NET 7.0 framework is compatible with the following Windows operating systems:

  • Windows 11
  • Windows Server 2022
  • Windows Server version 1903 or higher
  • Windows 10 version 1607 or higher
  • Windows Server 2019
  • Windows Server 2016
  • Windows Server 2012
  • Windows Server 2012 R2
  • Windows Server Core 2012
  • Windows Server Core 2012 R2
  • Nano Server version 1909 and later

The .NET 7.0 framework is not compatible with:

  • Windows 8.1
  • Windows 7 Service Pack 1ESU
  • Nano Server version 1803

As of now, Microsoft supports .NET 6.0 and .NET 7.0 frameworks. The following .NET frameworks are not supported:

  • .NET 5
  • .NET Core 3.1
  • .NET Core 3.0
  • .NET Core 2.2
  • .NET Core 2.1
  • .NET Core 2.0

Download .NET 7.0

.NET 7.0.12 security update can be downloaded as .NET Runtime, ASP.NET Runtime, Desktop Runtime or .NET SDK downloads.

We look at the ready reference links for downloading .NET 7.0.12 for each of these environments below:

Download ASP.NET Core Runtime 7.0.12

You can download ASP.NET Core Runtime 7.0.12 as a binary or as an installer file. The download links for various system architectures are shared below.

System ArchitectureDownload link for KB5031901 ASP.NET Core runtime
x64Direct download .NET 7.0.12 Core Runtime for x64
x64x64 installer for .NET 7.0.12 Core Runtime
x86Direct download .NET 7.0.12 Core Runtime for x86
x86x86 installer for .NET 7.0.12 Core Runtime

Download .NET Runtime 7.0.12

The .NET Runtime 7.0.12 is part of the security update KB5031901. You can use the direct download link for the .NET Runtime. Or, you could use the installer files instead.

System architectureDownload KB5031901 .NET Runtime
x64Download KB5031901 .NET Runtime from Dotnet
x64Direct download link for KB5031901 .NET Runtime 7.0.12
x86Download KB5031901 .NET Runtime from Dotnet
x86Direct download link for KB5031901 .NET Runtime 7.0.12
ARM64Download KB5031901 .NET Runtime from Dotnet
ARM64Direct download link for KB5031901 .NET Runtime 7.0.12

Download .NET Desktop Runtime 7.0.12

The .NET Desktop Runtime 7.0.12 also includes the .NET Runtime 7.0.12.

The .NET Desktop Runtime 7.0.12 for KB501901 security update can be downloaded from the following links:

System architectureDownload KB5031901 .NET Desktop Runtime
x64Download KB5031901 .NET Desktop Runtime from Dotnet
x64Direct download link for KB5031901 .NET Desktop Runtime 7.0.12
x86Download KB5031901 .NET Desktop Runtime from Dotnet
x86Direct download link for KB5031901 .NET Desktop Runtime 7.0.12
ARM64Download KB5031901 .NET Desktop Runtime from Dotnet
ARM64Direct download link for KB5031901 .NET Desktop Runtime 7.0.12

Download .NET SDK 7.0.112

The .NET SDK 7.0.112 includes:

  • NET Runtime 7.0.12
  • ASP.NET Core Runtime 7.0.12
  • .NET Desktop Runtime 7.0.12

So, if you were to use .NET SDK 7.0.112, there is no need for separate installation of the .NET Runtime and the ASP.NET Core Runtime.

System architectureDownload KB5031901 .NET SDK 7.0.112
x64Download KB5031901 .NET SDK 7.0.112 Runtime from Dotnet
x64Direct download link for KB5031901 .NET SDK 7.0.112
x86Download KB5031901 .NET SDK 7.0.112 from Dotnet
x86Direct download link for KB5031901 .NET SDK 7.0.112
ARM64Download KB5031901 .NET SDK 7.0.112 from Dotnet
ARM64Direct download link for KB5031901 .NET SDK 7.0.112

Checksum values

Post download of the Runtime installer files, you may want to verify the checksum values of each file. The table below contains Checksum values for the various installer files.

RuntimeChecksum values for KB5031901
.NET Runtime 7.0.12 for x6487b6ac2b1356a48be409c89c11a44093e124a18d8dcca8afa49e7da9dbea416b0024dc0c12fdd44b9047c3dde38979595a301d3102a4f6110132e610f468a4bd
.NET Runtime 7.0.12 for x8636f49b417d30a5901ae18fdc7ed540ea88851ef449f34460f580fedcdf0644365989ff0d421584e3a52da6eca394a1327b7c118f4b2b053b875d2064fbd8a1ad
.NET Runtime 7.0.12 for ARM64f1e258c048588fdddc4141545bf44d2288ba99d798f8d24d31eb03691e73a223fda111835dafb84af7234532546792320deed5a95dafe9ec2254035a05c2c4a3
.NET Desktop Runtime 7.0.12 for x64a366e858eaca7330358ef5d7a7efada45cc64284e36ba9f7722fa1a1644b1b34b343e700ce718ef67d08c7abf718eff7aefb4d5909ca7b5f63b4056b132c83de
.NET Desktop Runtime 7.0.12 for x86ce33129b2c6efe948b1eed73d127e3a5b0bd0af727474c2b8971b9075e37137cd985e58d2e47b9b1f0152a527eac98545e6cdb40054a34a6e3286601069ce259
.NET Desktop Runtime 7.0.12 for ARM641623a026b9f247dd503c05fafcd8ce05d7a1fd6109eaae0d0aed00b579729fc7084df23f5a60dd300d5ba23aef9c50b4ebb0871b3e26f682da406f2f72afc65f
ASP.NET Runtime 7.0.12 for x648b77e3d3084e5b5904a8e18b6294bec1a8ee9a3ca52713a9237ee411737bca7bd890d2616a92fc4d55fdd4be2097ab05b0e7e88f48cb36699826ede5e16f7899
ASP.NET Runtime 7.0.12 for x867ee68298dfa31c65968a9d89d407d73581b1262bbc568c02eadcc85b40e4cadf2a1526152a1f35e91fa978feaa269895b3f50445f20ef680feec5fd9cdbebaf8
.NET SDK 7.0.112 for x6450c46de170af9644872f88540998767ec6d858db474e1b3c0335c38a914ca466d579c048666ec0a1a1a9109669ebee3cf6c65feb83109eddf479cbde6815ccf4
.NET SDK 7.0.112 for x868e8ae769b5931ce25495ae8eb65b13126e1b71406491cf4292318a413b752a04d8029eca20a95fe803f191f96d1b6706f16023902ce792635053ca64358206a0
.NET SDK 7.0.112 for ARM6401becb13a70466b0b9f454f6ef661bec60c24f0d22ccb82971557dc9adabb038135ac53862235950e83325bfb6d4fdcb298c366fdf7f7a03208d10d6244a038f

October 2023 Cumulative or Security updates

You may also like to refer to the following cumulative updates or security updates released in October 2023:

How useful was this post?

Click on a star to rate it!

We are sorry that this post was not useful for you!

Let us improve this post!

Tell us how we can improve this post?

Rajesh Dhawan

Rajesh Dhawan is a technology professional who loves to blog about smart wearables, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.