Microsoft removed the .NET Framework security updates from the JULY 2018 Patch Tuesday updates after some corporate users were impacted by server application issues.  Replacement security patches will likely be introduced in future, after further testing & refinement to ensure issues don’t materialize again.

Microsoft’s Friday announcement specifically pointed to an “Important” security patch to the .NET Framework (CVE-2018-8356). It contains a flaw that affects applications that “initialize a COM component and run with restricted permissions,” according to the announcement. Specifically, it can affect users of SharePoint, BizTalk Server Administration Console and Internet Information Services (IIS) with “classic” ASP, as well as other .NET applications that use “COM and impersonation.”

In response to the problems, Microsoft has stopped distributing the July .NET Framework patches from its Windows Update service and is working on correcting and reshipping the July patch releases. Organizations should apply this reshipped July patch, when it arrives, even if they weren’t affected initially.  “If you installed the July 2018 update and have not yet seen any negative behavior, we recommend that you leave your systems as-is but closely monitor them and ensure that you apply upcoming .NET Framework updates,” the announcement explained.