-
Notifications
You must be signed in to change notification settings - Fork 5.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Security update KB2533623 no longer available #20459
Comments
I'll ask around 😢 |
@florenzen The download is restored. Thank you for reporting it! |
Download is gone again.. Or I was mistaken when I thought it was restored. Reopening. |
Seems to be there again.... hrm |
Ahhh the link inside of the link! Thank you for the clarification.
https://github.com/dotnet/core/tree/master/release-notes/5.0 |
Thanks for the clarification wrt. the Windows 7 support period. There are still Windows Embedded Standard 7 Systems running in e. g. industrial systems that still receive (paid) support, which is the kind of system we are working with. Is there any chance to get a statement from the .NET development wrt. to that kind of Installation? Anyone I could ask? |
You could try filing an issue at the source repo for .NET: https://github.com/dotnet/core/issues they would hopefully be able to get you some sort of information. If that doesn't work after some time, hit me up again and I'll see if I can find someone. |
Hi @adegeo I was wondering you might be able to get any further information, there's not been any conclusion to the issue @florenzen raised for this on the .Net Core repo? Thanks ODN |
Thanks for the ping. I'll send out another email internally. |
Has anyone tested installing KB4457144 as a replacement for KB2533623 on Win7? |
I have tested KB3063858, which is a tiny update (as opposed to KB4457144 - a full monthly rollup), and it does make .NET Core 3.1 work correctly. Once KB3063858 and updated KB2533623 Chocolatey packages pass moderation, .NET Core will again be installable (runtime, sdk, windowshosting) with Chocolatey on Windows 7/2008 R2. |
KB3063858 fixed the problem for me! 32-bit: https://www.microsoft.com/en-us/download/details.aspx?id=47409 |
Same here! KB2533623 liks are broken, but still mentioned as a .NET Core 3.1/.NET 5 necessary dependency. |
> Installing .NET Core prerequisites might help resolve this problem. https://go.microsoft.com/fwlink/?linkid=798306
· The second link for KB2533623<https://support.microsoft.com/help/2533623/microsoft-security-advisory-insecure-library-loading-could-allow-remot>
Is broken.
But I have a copy of Windows6.1-KB2533623-x86.msu.
By the way, I try to install that package (update for XP 32bits) but I get the error:
the update is not applicable to the computer
Guillermo
Enviado desde Correo<https://go.microsoft.com/fwlink/?LinkId=550986> para Windows 10
De: bairog<mailto:[email protected]>
Enviado: miércoles, 2 de diciembre de 2020 06:39
Para: dotnet/docs<mailto:[email protected]>
CC: Guillermo Som<mailto:[email protected]>; Comment<mailto:[email protected]>
Asunto: Re: [dotnet/docs] Security update KB2533623 no longer available (#20459)
The team is researching this. Does anyone have the errors they receive when they run or install .NET 5/Core without these patches?
We have testing environment with clean Windows 7 SP1 x86 (without any updates installed) and clean Windows 10 1607 x64.
On Windows 7 SP1 x86 windowsdesktop-runtime-5.0.0-win-x86.exe installs without problems, but when we run our .NET 5.0 test applications (console/WinForms x86) - we get an error:
The library hostfxr.dll was found, but loading it from C:\Program Files\dotnet\host\fxr\5.0.0\hostfxr.dll failed
Installing .NET Core prerequisites might help resolve this problem. https://go.microsoft.com/fwlink/?linkid=798306
Screenshot
[image]<https://user-images.githubusercontent.com/44995181/100832537-23213c80-3479-11eb-9a3c-ed046d4498bb.png>
Installing KB2533623 (from Web Archive) solves the problem, didn't test KB3063858 yet, mybe later..
P. S. Some of our customers have PCs isolated from Internet/WSUS - so we are to include all needed patches in our software installer.
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub<#20459 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/AQ67Z6I4QTVYQ62VLWIAYCLSSXHIZANCNFSM4QYNNEUA>.
|
@adegeo
The main difference is that neither KB2533623 (from Web Archive) nor KB3063858 solves the problem this time. P. S. Some of our customers have PCs isolated from Internet/WSUS - so we are to include KB patches in our software installer. |
@bairog Thank you very much for this information, I'll pass it on to the team! |
I can confirm that the security update is still not available.
@adegeo Don't pass it anywhere, just re-upload the file or fix the link. In case you lost it, you can download it from web.archive.org. Maybe consider to make a big donation to the Internet Archive since they manage to to keep your security patches available and by that de facto handle Microsoft's customer service too. So I think they deserve some appreciation. Side note: your dots below the blue helicopter don't scale consistently in different resolutions as seen in the screen shot. Upon interpretation the helicopter appears to pick up the wrong dot or straight lost it. Kinda ironic. |
I got some clarifications on what has happened. The old patches were removed because they are all signed with SHA-1 certificates, which are no longer secure due to shatter attacks. Microsoft as a whole has moved on to at least SHA-256 security and thus there was a company-wide effort to remove SHA-1 stuff. However, there are newer patches which have been reported as including the fixes required to install .NET on Windows 7: https://www.catalog.update.microsoft.com/Search.aspx?q=kb4534310 @bairog would you be able to confirm this fixes your problem (if you have an easy test environment) I'm going to work on creating a test environment but it would be good to hear from you. Cheers! |
I've performed a test on our clean Windows 7 SP1 x86 (without any updates installed). Installing KB4534310 update results in error: P.S. Even if you find a way to install KB4534310 update and this update makes our our .NET 5.0 test applications (console/WinForms x86) work correctly - that is hardly suitable for us. KB4534310 update is a full monthly rollup (size for Windows 7 SP1 x86 is 204Mb). Including an update that is more than 2 times bigger than our software installer itself (it is less than 100Mb) - is a nonsence. |
@bairog Thank you for testing and giving me some results. I was able to spin up a test machine today too, a clean Win 7 x64 SP1 from the Visual Studio downloads. I also had that same error on some files but I fixed it by unblocking it in the file properties, was that not the source of the problem? Your requirement of having a small footprint for distribution is noted. I'm passing that info and this post on to the team. I was able to boil down and confirm that these steps worked for me. I don't know though if windows update installed something behind me that may have contributed to its success:
|
@adegeo makes our .NET 5.0 test applications (console/WinForms x86) work correctly. I can also confirm that Microsoft Visual C++ 2015-2019 Redistributable 32-bit / 64-bit can be used instead of Microsoft Visual C++ 2015 Redistributable Update 3. P.S. Don't forget to change KB2533623 to KB3063858 and make some comments about Microsoft Visual C++ 2015-2019 Redistributable on .NET Core 3.1/.NET 5 necessary dependency page ASAP. Thank you. |
Thanks for the additional information. I cannot get the installers for 2.1 working though so I'm investigating that. Regardless, I'll get this page updated with this information by tomorrow. Thanks again! |
What exactly do you mean? .NET Core 2.1 or what? |
Correct. I just fixed that though. The .NET Core 2.1 installer requires the certificate you linked to. Core 3.1 and .NET 5 don't require the certificate. |
NB To fully automate MicrosoftRootCertificateAuthority2011.cer certificate installation process (e. g. inside software installers) Certificate Manager (certmgr.exe) can be used to add the certificate via admin command prompt (more info at StackOverflow):
P. S. The Certificate Manager utility is automatically installed with Visual Studio (we obtained it exactly this way) but I suppose it would be handy to have a separate download link for this utility. @adegeo I think you should add all this info for .NET Core 2.1 necessary dependency page |
Thanks for the suggestion. I think I'll skip that for now though. Considering .NET Core 2.1 is going to be end of in 8 months and really anyone looking into automating things like installing certificates should be able to easily find that information on the net. Just a quick search turned up https://www.itninja.com/question/how-do-i-automate-the-import-of-a-certificate-cer-file for me. If you strongly disagree, please open a new issue to discuss it and we can ask some other team members if how they feel about it :) Cheers! |
@adegeo MicrosoftRootCertificateAuthority2011.cer certificate is required not only for .Net Core 2.1 offline installer (EOL in 8 months), but also for .NET Framework 4.8 offline installer (will ship with Windows and is promised to be serviced and supported). |
@bairog, you cannot install Security Monthly Quality Rollup updates like that on a clean system. Also KB4534310 got superseded by KB4598279 in jan.2021. It's less relevant but informative. All of these updates require prerequisites themselves and I doubt there's a one that fits all for all Runtime needs. Best case scenario, is that the user has updated the machine. Overall, while vc runtime + KB3063858, which BTW, is not available in the update catalog (due to prob. the sha1 issue)., might have fixed your test, I doubt it's an overall fix for the whole requirements and dependencies of .NET 5.0 Runtime. |
The security update KB2533623 is no longer available for download from Microsoft. Does that mean a .NET Core Installation on Windows 7 is not possible anymore?
I know, Windows 7 is out of support but there is also Windows Embedded Standard which is based in that version and which still has support in industrial applications.
Document Details
⚠ Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.
The text was updated successfully, but these errors were encountered: