July 2024 security and quality rollup

Released July 9, 2024

Summary of what's new in this release

Security improvements

CVE-2024-38081 – Remote code execution vulnerability

This security update addresses an elevation of privilege vulnerability detailed in CVE 2024-38081.

Quality and reliability improvements

This release contains the following quality and reliability improvements.

.NET fundamentals

Addresses an issue with x509 certificate use under PPL in Azure AD. (Applies to: .NET Framework 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8, 4.8.1.)

Winforms

Addresses an issue with the size of memory leaks associated with AccessibleObjects held in memory due to ref-counting. (Applies to: .NET Framework 4.8, 4.8.1.)

Known issues

This release contains no known issues.

Summary tables

The following table outlines the updates in this release.

Product version Cumulative update
Microsoft server operating system, version 23H2
.NET Framework 3.5, 4.8.1 5039892
Windows 11, version 22H2 and Windows 11, version 23H2
.NET Framework 3.5, 4.8.1 5039895
Microsoft server operating system, version 22H2 5041025
.NET Framework 3.5, 4.8 5039889
.NET Framework 3.5, 4.8.1 5039907
Windows 11, version 21H2 5037037
.NET Framework 3.5, 4.8 5039887
.NET Framework 3.5, 4.8.1 5039906
Microsoft server operating system, version 21H2 5041016
.NET Framework 3.5, 4.8 5039889
.NET Framework 3.5, 4.8.1 5039907
Windows 10, version 22H2 5041019
.NET Framework 3.5, 4.8 5039884
.NET Framework 3.5, 4.8.1 5039893
Windows 10, version 21H2 5041018
.NET Framework 3.5, 4.8 5039884
.NET Framework 3.5, 4.8.1 5039893
Windows 10 1809 and Windows Server 2019 5041017
.NET Framework 3.5, 4.7.2 5039879
.NET Framework 3.5, 4.8 5039886
Windows 10 1607 and Windows Server 2016
.NET Framework 3.5, 4.6.2, 4.7, 4.7.1, 4.7.2 5040434
.NET Framework 4.8 5039885
Windows 10 1507
.NET Framework 3.5, 4.6, 4.6.2 5040448

The following table is for earlier Windows and Windows Server versions for Security and Quality Rollup updates.  

Product version Security and quality rollup
Windows Server 2012 R2 5041023
.NET Framework 3.5 5039910
.NET Framework 4.6.2, 4.7, 4.7.1, 4.7.2 5039881
.NET Framework 4.8 5039890
Windows Server 2012 5041022
.NET Framework 3.5 5039908
.NET Framework 4.6.2, 4.7, 4.7.1, 4.7.2 5039880
.NET Framework 4.8 5039888
Windows Server 2008 R2 5041021
.NET Framework 3.5.1 5039909
.NET Framework 4.6.2, 4.7, 4.7.1, 4.7.2 5039882
.NET Framework 4.8 5039891
Windows Server 2008 5041024
.NET Framework 2.0, 3.0 5039911
.NET Framework 3.5 SP1 5040673
.NET Framework 4.6.2 5039882

The following table is for earlier Windows and Windows Server versions for Security Only updates, which aren't cumulative.

Product version Security only update
Windows Server 2008 R2 5041026
.NET Framework 3.5.1 5040119
.NET Framework 4.6.2, 4.7, 4.7.1, 4.7.2 5040122
.NET Framework 4.8 5040123
Windows Server 2008 5041027
.NET Framework 2.0, 3.0 5040118
.NET Framework 3.5 SP1 5040680
.NET Framework 4.6.2 5040122

The operating system rows list a KB that's used for update-offering purposes. When the operating system KB is offered, the applicability logic determines the specific .NET Framework updates that will be installed. Updates for individual .NET Framework versions are installed based on the version of .NET Framework that's already present on the device. Because of this, the operating system KB is not expected to be listed as an installed update on the device. The expected updates to be installed are the .NET Framework–specific version updates listed in the preceding table.