January 2019 .NET Core Updates 09 January 2019 03:50 Sam MacDonald .NET Core, ASP.NET, Visual Studio, Security Fixes (0) TweetShareYesterday saw the release of the January 2019 update to .NET Core..NET Core 2.1.7 and .NET Core SDK 2.1.503 ( Download | Release Notes ).NET Core 2.2.1 and .NET Core SDK 2.2.102 ( Download | Release Notes )These updates contain security and reliability fixes.Security Fixes.NET Core Information Disclosure Vulnerability – CVE-2019-0545Microsoft is aware of an information disclosure vulnerability exists in .NET Framework and .NET Core which allows bypassing Cross-origin Resource Sharing (CORS) configurations. An attacker who successfully exploited the vulnerability could retrieve content, that is normally restricted, from a web application.ASP.NET Core Denial Of Service Vulnerability – CVE-2019-0564, CVE-2019-0548Microsoft is aware of a security vulnerability in all public versions of ASP.NET Core where, if an application is hosted on Internet Information Server (IIS) a remote unauthenticated attacker can use a specially crafted request can cause a Denial of Service..NET Core Tampering Vulnerability – CVE-2018-8416A tampering vulnerability exists when .NET Core improperly handles specially crafted files. An attacker who successfully exploited this vulnerability could write arbitrary files and directories to certain locations on a vulnerable system. However, an attacker would have limited control over the destination of the files and directories.To exploit the vulnerability, an attacker must send a specially crafted file to a vulnerable system.Where to Get the UpdateThis update is included in the Visual Studio 15.9.5 update, which was also released yesterday. The latest .NET Core updates are available on the .NET Core download page.Windows ARM supportIncluded in this update is the first availability of the .NET Core for Windows Server, version 1809 ARM32. The SDK zip is expected to be live today.