January 2024 security and quality rollup

Released January 8, 2024

Summary of what's new in this release

Security improvements

CVE-2023-36042 – Denial of service vulnerability

This security update addresses a remote code execution vulnerability detailed in CVE 2023-36042.

CVE-2024-0056 – Security feature bypass vulnerability

This security update addresses a security feature bypass vulnerability detailed in CVE 2024-0056.

CVE-2024-0057 – Security feature vulnerability

This security update addresses a security feature vulnerability detailed in CVE 2024-0057.

CVE-2024-21312 – Denial of service vulnerability

This security update addresses a denial of service vulnerability detailed in CVE 2024-21312.

Remote code execution vulnerability

This security update addresses a remote code execution vulnerability to HTTP .NET remoting server channel chain.

Quality and reliability improvements

There are no new Quality and Reliability Improvements in this update.

Known issues

This release contains no known issues.

Summary tables

The following table outlines the updates in this release.

Product version Cumulative update
Microsoft server operating system, version 23H2
.NET Framework 3.5, 4.8.1 5033917
Windows 11, version 22H2 and Windows 11, version 23H2
.NET Framework 3.5, 4.8.1 5033920
Windows 11, version 21H2 5034276
.NET Framework 3.5, 4.8 5033912
.NET Framework 3.5, 4.8.1 5033919
Microsoft server operating system, version 22H2 5034272
.NET Framework 3.5, 4.8 5033914
.NET Framework 3.5, 4.8.1 5033922
Microsoft server operating system, version 21H2 5034272
.NET Framework 3.5, 4.8 5033914
.NET Framework 3.5, 4.8.1 5033922
Windows 10, version 22H2 5034275
.NET Framework 3.5, 4.8 5033909
.NET Framework 3.5, 4.8.1 5033918
Windows 10, version 21H2 5037035
.NET Framework 3.5, 4.8 5033909
.NET Framework 3.5, 4.8.1 5033918
Windows 10 1809 and Windows Server 2019 5034273
.NET Framework 3.5, 4.7.2 5033904
.NET Framework 3.5, 4.8 5033911
Windows 10 1607 and Windows Server 2016
.NET Framework 3.5, 4.6.2, 4.7, 4.7.1, 4.7.2 5034119
.NET Framework 4.8 5033910
Windows 10 1507
.NET Framework 3.5, 4.6, 4.6.2 5034134

The following table is for earlier Windows and Windows Server versions for Security and Quality Rollup updates.  

Product version Security and quality rollup
Windows Server 2012 R2 5034279
.NET Framework 3.5 5033900
.NET Framework 4.6.2, 4.7, 4.7.1, 4.7.2 5033906
.NET Framework 4.8 5033915
Windows Server 2012 5034278
.NET Framework 3.5 5033897
.NET Framework 4.6.2, 4.7, 4.7.1, 4.7.2 5033905
.NET Framework 4.8 5033913
Windows Server 2008 R2 5034277
.NET Framework 3.5.1 5033899
.NET Framework 4.6.2, 4.7, 4.7.1, 4.7.2 5033907
.NET Framework 4.8 5033916
Windows Server 2008 5034280
.NET Framework 2.0, 3.0 5033898
.NET Framework 3.5 SP1 5034008
.NET Framework 4.6.2 5033907

The following table is for earlier Windows and Windows Server versions for Security Only updates, which aren't cumulative.

Product version Security only update
Windows Server 2008 R2 5034269
.NET Framework 3.5.1 5033946
.NET Framework 4.6.2, 4.7, 4.7.1, 4.7.2 5033947
.NET Framework 4.8 5033948
Windows Server 2008 5034270
.NET Framework 2.0, 3.0 5033945
.NET Framework 3.5 SP1 5033952
.NET Framework 4.6.2 5033947

The operating system row lists a KB which will be used for update offering purposes. When the operating system KB is offered, the applicability logic will determine the specific .NET Framework update(s) will be installed. Updates for individual .NET Framework versions will be installed based on the version of .NET Framework that is already present on the device. Because of this the operating system KB is not expected to be listed as installed updates on the device. The expected update to be installed are the .NET Framework specific version updates listed in the preceding table.