An approach to isolation, security, and trust in the Microsoft cloud

I am excited to announce the distribution of Azure Virtual Datacenter guidance. Azure Virtual Datacenter (VDC) is an approach to making the most of the Azure cloud platform's capabilities while respecting your existing security and networking policies. When deploying enterprise workloads to the cloud, IT organizations and business units must balance governance with developer agility. Azure Virtual Datacenter provides models to achieve this balance with an emphasis on governance.

Enterprise IT wants their cloud-based applications to be governed by many of the same policies as their on-premises implementations. Even born-in-the-cloud applications, especially multitenant PaaS offerings and SaaS application such as Office 365, need to have well defined isolation boundaries and role-based policy enforcement. The Azure Virtual Datacenter model begins to give enterprise IT the controls they need to enforce governance.

The Azure Virtual Datacenter model provides guidance for a coherent and consistent deployment model of workloads in the Azure cloud. The first edition of this model focuses on creating a trusted datacenter extension for virtual machine-based workloads hosted on the public cloud with a connection to an on-premises datacenter. Future editions of this model will show how additional elements can be used to achieve isolation of more complex scenarios, such as orchestrator based workloads or workloads composed of platform services. Future models will also support secure Internet access directly from the virtual datacenter.

The Azure Virtual Datacenter model can be a cornerstone of many large-scale datacenter migration plans. Though datacenter migrations are inherently complex, and VDC is only one part, it does give Azure customers a familiar starting point for designing Azure deployments of multiple applications. We have found that even if VDC is used just as a discussion starting point, it does help enterprise IT teams to accelerate the migration conversations with their line-of-business and security team counterparts.

We hope you find this initial guidance useful.

This blog post is co-authored with Ellis Hiroki Butterfield, Program Manager for SQL DW and Josh Caplan, Program Manager for Azure Analysis Services.

Azure SQL Data Warehouse is Microsoft’s SQL analytics platform, the backbone of your Enterprise Data Warehouse. The service is designed to allow customers to elastically (and independently) scale compute and storage with massively parallel processing. SQL DW integrates seamlessly with big data stores and acts as a hub to your data marts and cubes for an optimized and tailored performance of your EDW. Azure SQL DW offers guaranteed 99.9% high availability, compliance, advanced security, and tight integration with upstream and downstream services so you can build a data warehouse that fits your needs. Azure SQL DW is the first and only service enabling enterprises to replicate their data everywhere with global availability in more than 30 regions. Today, we will show you how to push data quickly into Azure Analysis Services for optimized performance.

Benefits of using Azure Analysis Service with SQL DW

Several great benefits exist when leveraging Azure Analysis Services (AAS) with SQL DW:

• Fewer to no queued queries while increasing the overall solution concurrency
• Improved short query read performance with AAS as a caching layer
• Reduce overall solution cost by lowering DWU levels for SQL DW with query offloading

Below is an example of a customer with an optimal DWU level but still had ~3-4% of its queries queued due to a variety of query types competing for concurrency on the data warehouse. Azure Analysis Services can offload small read queries from the dashboard and data wrangling tool. The effect on lowering queued queries is very visible.

Figure 1 - Time continuity not representative

Create an Analysis Services cube from SQL DW in 2 minutes!

Creating a model from SQL DW is extremely easy and can be done through Azure portal. In this example, we have a SQL Data Warehouse instance. In this example, we have selected an S0 pricing tier. You can always upgrade later on or even pause your Azure Analysis Services instance. You can achieve high concurrency and performance for your BI dashboards. You will be able to offload the provisioned capacity for SQL DW and lower your overall data warehouse cost.

Step 1 - Open the Web Designer from an Azure Analysis instance created

Step 2 - Select the server you need and in the model section, Click on + Add

Step 3 - Add Name, Select Azure SQL Data Warehouse, Select the Server, Username/Password and Database name

Step 4 - Select the Tables you want to push and click Create

Step 5 - Click Model and then Edit Relationships to establish connections between your tables

Step 6 - In this example, we connect the subscription ID from the customer database to the table with many subscription IDs with consumption and then save

You can now further develop your model using Visual Studio! With Power BI Desktop and EXCEL you can query the model.

Refresh quickly your data in Azure Analysis Services Use automated partition management

Large datasets normally require table partitioning to accelerate and optimize the data-load process. Partitioning enables incremental loads, increases parallelization, and reduces memory consumption. While we plan to integrate an intuitive UI to decide how you want your model to be updated (e.g. add new partitions, remove old partitions), in the meantime, we recommend visiting the documentation page to implement incremental updates with Azure Analysis Services.

If you need our help for a POC, contact us directly by clicking here. Stay up-to-date on the latest Azure SQL DW news and features by following us on Twitter @AzureSQLDW.

It is inevitable that last week in Azure will soon be overshadowed by all the announcements and demos that will stream from the Microsoft Connect(); 2017 event in New York City, which starts on Wednesday. Until then, take a look at the highlights below:

1. Data and analytics updates

Following PASS Summit 2017 in Seattle, several Azure news items related to Data & Analytics came out. Josh Caplan, Senior Program Manager, posted about Introducing query replica scale-out for Azure Analysis Services, which enables client queries to be distributed among multiple query replicas in a query pool, reducing response times during high query workloads. You can also separate processing from the query pool, ensuring client queries are not adversely affected by processing operations.

Microsoft Cosmos DB in Azure Storage Explorer – public preview in blog post from Jenny Jiang, Principal Program Manager, Big Data Team. Now you can use Azure Storage Explorer to explore and manage Azure Cosmos DB entities.

Veljko Vasic, Program Manager, announced that automatic tuning will be a new default for Azure SQL Database. Existing customers will receive an email prior to enablement, which will roll out starting in January. You can learn more about automatic tuning in this recent episode of Azure Friday:

2. Accelerating enterprise blockchain

Last week, a pair of blog posts provided some great explanations on two different topics in Azure: Adopting Enterprise Blockchain and Open Source Indeminication. Pablo Junco Sr., Solutions Business Manager, Microsoft Services, authored a post about accelerating the adoption of enterprise blockchain, in which he outlines how organizations are exploring the use of blockchain technology to solve their business problems without using public blockchain networks.

3. Azure IP Advantage

In his post about why Microsoft offers uncapped indemnification for open source in Azure, Jim Ross, Assistant General Counsel, Intellectual Property Group, Patent Conflicts and Indemnities Team, outlines why Microsoft developed Microsoft Azure IP Advantage. Microsoft is responding to the concerns of Azure customers and are extending our traditional IP indemnification to protect customers using open source technologies that power many Azure products and services today. Check out this short video to learn more:

4. Automatic OS Upgrades in VM Scale Sets

Announcing automatic OS upgrades for Azure VM scale sets. Guy Bowerman, Principal Program Manager, Azure Compute, announced a new set of automation features to simplify OS image upgrades for scale sets, allowing you to adopt a "set-it-and-forget-it" approach to OS lifecycle maintenance.

5. Additional updates in Azure from last week:

These topics are also covered in this week's Cloud Tech 10 episode (below):

• Monitor Azure services and applications using Grafana
• Windows System State Backup to Azure with Azure Backup is generally available
• General availability of App Service and Functions on Azure Stack
• Linux FUSE adapter for Blob Storage

In other news:

• Microsoft’s Project Olympus delivers cloud hardware innovation at scale
• Application Insights: VSTS dashboard chart widget now available
• Device provisioning: A manufacturing timeline for TPM devices
• TierPoint adds Azure Site Recovery to its DraaS offerings
• Monitoring of Azure ExpressRoute in preview
• New offers in Azure Marketplace – October 2017

Elsewhere this week, you can Join Microsoft at Supercomputing 17 in Denver, Colorado, where researchers and practitioners from around the world come together to advance the state of high-performance computing.

6. Azure Shows

Machine Learning, AI, and HPC are changing the way every industry thinks, including retail, manufacturing, healthcare, oil and gas, and financial services. These large computations are changing product design, end-customer experiences, enabling predictive support and leading to discoveries and innovations not previously possible. It really is an exciting time to be working in the cloud!

In the Azure compute team, we strive to make sure you have the best, the latest, and the most cost-effective infrastructure for every compute job, no matter how different they may be. To this end, we offer the most comprehensive set of GPUs in the public cloud, already offering VM sizes with NVIDIA’s K80s, M60s, P40s and P100s. Today, I’m happy to share two exciting new announcements to further support your GPU workloads:

• We are launching a new VM size on Azure, the NCv3. This new size will offer the new NVIDIA Tesla V100 GPU. You can sign up for the preview today.
• Our NCv2, offering NVIDIA P100s, and our ND-series, offering NVIDIA P40s, are exiting preview and will be GA for your production workloads starting on December 1st.

The NCv3-series virtual machines will use NVIDIA Tesla V100 GPUs, which are the latest GPUs from NVIDIA. Like our previous GPU sizes, Azure is the only cloud with dedicated InfiniBand interconnects to enable incredibly fast multi-VM computations. Our GPU sizes also offer PCIe configuration with direct support for Azure premium storage. We will open preview access to the NCv3 series in the East US region in the coming weeks.

Just a couple months ago, we released the preview of the ND-series, focusing on deep learning, AI training, and inference. The ND is powered by up to four NVIDIA Tesla P40 GPUs and provide a large GPU memory size (24GB), enabling customers to deploy much larger neural net models. We also recently released the NCv2-series, targeting traditional HPC workloads. With up to four NVIDIA Tesla P100 GPUs and our unique InfiniBand networking for low-latency interconnect, the NCv2 offers great HPC performance at a great price for scale-out workloads. Both of these SKUs will be GA on December 1st.

Of course, the hardware is only part of the story. With Azure Batch AI, you can quickly and easily run AI workloads, focusing on your jobs while letting Azure Batch handle provisioning and management. Batch AI can use every flavor of our new GPU VMs, giving you ready access to great AI hardware coupled with simple AI job execution. 

Additionally, our Data Science Virtual Machine images are being updated to take advantage of the new GPUs. DSVMs are Azure Virtual Machine images, pre-configured and tested with several popular tools commonly used for data analytics, machine learning and AI training. The Data Science Virtual Machine images are great for training and education, short-term experimentation, or simply to have a cloud desktop with the latest versions of popular data science applications pre-installed.

I can barely wait to see what amazing discoveries and innovative insights you are able to ascertain with these new GPU VMs. The NCv2 and ND will be GA and ready for production workloads on December 1 in multiple regions in the US, Europe and Asia. 

Finally, if you’re attending the Supercomputing conference in Denver this week, stop by booth 1501 and find out more from the team.

See ya around,
Corey

Did you know that app developers make the most money from Advertising during the holiday season than at any other time of the year? Advertisers spend huge sums promoting their brands through Digital Ad campaigns during this period.  Are you ready to take advantage of this and maximize Ad revenues for your Windows apps this holiday season?

If you haven’t already,  join the tens of thousands of Windows app developers using the Microsoft Advertising SDK and the Microsoft Ad Monetization platform as their Ad monetization solution. Integrating the SDK into your app is straightforward and you should be able to get up and running in just about a day. The Microsoft Ad Monetization platform provides higher fill rates and better eCPMs on a variety of Ad formats including Banner, Native and Interstitial Video Ads. The platform uses Machine Learning to maximize App Ad revenues by selecting the potentially highest yield Ad response on every Ad request. Also, with a single integration to the platform through the SDK, you get access to the growing portfolio of our Ad network partners such as SpotX, Smartclip etc. without making additional code changes when new networks get added.

If you are already using the Microsoft Advertising SDK for Ad monetization, here are the top five tips to maximize Ad revenues for your apps for the holidays.

1. Check the placement of your Ad in your app (link).

Placing the Ad in the right place on the app increases user visibility and click performance of the ad unit, which directly improves monetization. Advertisers are likely to bid higher if the Ad viewability scores are higher for your app. Optimize for viewability and clicks and see your revenue increase.

2. Switch from ‘Manual’ to ‘Automatic’ in Mediation settings for your Ad units.

By choosing the ‘Automatic’ option, you let the Microsoft Ad Monetization platform choose the best mediation settings to maximize the yield for your app. This is done using Machine learning algorithms that take into account several app, user and environment features to pick the optimal order of Ad networks to maximize Ad yield.

3. Use interstitial banner as fallback for video (link).

Video ads are a great way to monetize but when a video ad request is not converted into an impression, a great option is to use Interstitial banner as a fallback and make the most of the opportunity to monetize that ad space.

4. Check your app’s COPPA settings (link).

If your app does not target children under 13, then Targeted Ads are a great way to maximize your Ad monetization potential. Incorrect classification of your app as ‘directed at children under the age of 13’ while in reality it is not, can cause Ad revenues to drop as the Ads returned in this situation are not targeted/relevant. Also, Ad requests for such apps are not sent to Ad networks that are not COPPA compliant, thereby causing Ad fill rates on your app to drop.

5. Consider using high yield Ad formats in your app.

Have you considered adding in support for Ad formats such as Interstitial Video (link) and Native Ads (link) in your app? These richer Ad formats have higher yield than standard banner Ads and can make a considerable difference in your App Ad revenues especially during the holiday season.

Implementing these very simple steps is a great way to ensure you are maximizing the Ad monetization potential for your apps and setting yourself up for higher Ad revenues during this holiday season!

The post Ad Monetization Tips: Maximizing your App Ad revenues for the holidays using the Microsoft Ad Monetization platform appeared first on Building Apps for Windows.

My team is responsible for many of the engineering tools we use at Microsoft (affectionately called the One Engineering System or 1ES – paralleling Satya’s “One Microsoft” mantra).  As part of that responsibility we get to interact deeply with teams across the company and learn from what they are doing.  We try to take the best ideas and harvest them for use in our own team and also share them across the company.

We also deliver the same broad set of DevOps tooling to a wide array of external customers.  As part of that responsibility we get to interact with customers of a myriad of sizes, in every industry.  We share and learn extensively with our customers and try to make the product better and make our own engineering practices better.

Over the past 6 or so years, we have gone through a massive transition from producing a relatively monolithic 3 tier on prem product every couple of years to delivering a global scale, always on, cloud service made up of dozen of micro-services every day – and deliver the same capabilities on premises every few months.  We get tons of questions about how we’ve done it from customers exploring their own transformation.  I haven’t counted but I would bet a lot of money that, at least, 3 or 4 times a week, every week, we have a customer visit, an Executive Briefing Center session, a conference session or a virtual meeting where we talk about our transformation.

There are probably a dozen or so people in my team with experience giving these talks – dozens, if not hundreds, of times.  Each person has had a slightly different spin – focusing on the parts of the transformation they are most familiar with – it’s a big transformation and not everyone was deeply involved in all parts of it.  This has yielded a lot of decks and content with similar messages but different strengths and weaknesses.

A month or so ago we had a big partner event to share our DevOps practices and we used that event as forcing function to pull together a consolidated view of our DevOps transformation.  In all, it was 3 days of content – morning to night, that covered the breadth of our journey, our learnings and our current practices.  We recorded those talks in videos so that we could share them more broadly.  They have been edited and made a little more “snackable” – not sure you want to sit through all 3 days of content :).  Last week we posted them on the web for anyone who wants to see them.  I encourage you to check them out and let us know what you think.

DevOps at Microsoft

Brian

There are many R packages that connect to the internet, whether it's to import data (readr), install packages from Github (devtools), connect with cloud services (AzureML), or many other web-connected tasks. There's one R package in particular that provides the underlying connection between R and the Web: curl, by Jeroen Ooms, who is also the new maintainer for R for Windows. (The name comes from curl, a command-line utility and interface library for connecting to web-based services). The curl package provides replacements for the standard url and download.file functions in R with support for encryption, and the package was recently updated to enhance its security, particularly on Windows.

To implement secure communications, the curl package needs to connect with a library that handles the SSL (secure socket layer) encryption. On Linux and Max, curl has always used the OpenSSL library, which is included on those systems. Windows doesn't have this library (at least, outside of the Subsystem for Linux), so on Windows the curl package included the OpenSSL library and associated certificate. This raises its own set of issues (see the post linked below for details), so version 3.0 of the package instead uses the built-in winSSL library. This means curl uses the same security architecture as other connected applications on Windows.

This shouldn't have any impact on your web-connectivity from R now or in the future, except the knowledge that the underlying architecture is more secure. Nonetheless, it's possible to switch back to OpenSSL-based encryption (and this remains the default on Windows 7, which does not include the winSSL).

Version 3.0 of the curl package is available now on CRAN (though you'll likely never need to load it explicitly — packages that use it do that for you automatically). You can learn more about the changes at the link below. If you'd like to know more about what the cur packahe can do, this vignette is a great place to start. Many thanks to Jeroen Ooms for this package.

rOpenSci: Changes to Internet Connectivity in R on Windows

Every year the Microsoft Store sees an increase in the number of customers downloading and purchasing content during the holiday season. During the holiday months of 2016, the Microsoft Store saw more than a 30% increase in the number of downloads when compared to the rest of the year.

To take advantage of the holiday momentum, you’ll want to update or submit your app or game no later than November 14th for Thanksgiving (US) and December 14th for the Christmas holiday. You can see the full list of submission deadlines below. Updating or submitting your app early ensures that they will be available during the holiday season!

The post Microsoft Store app and game submission deadlines for the holiday season appeared first on Building Apps for Windows.

With the latest updates to Azure Batch, you now have the option to schedule your tasks as Docker container invocations. Containers and Azure Batch are an ideal way to package, execute, and scale your High Performance Computing (HPC) applications and batch workloads in a consistent, reproducible manner utilizing powerful cloud native job scheduling capabilities.

Today, we're excited to announce support for Singularity containers in the latest Batch Shipyard release. Singularity is a container solution amenable to both administrators and users of shared HPC and cluster computing environments, while still providing access to accelerators such as GPUs and specialized interconnects in container contexts. Batch Shipyard is an open system for enabling simple, configuration-based container execution on Azure Batch, and aims to allow users of these shared computing environments to easily execute their existing Singularity workloads on Azure. Azure's GPU, including ND, NCv2, and the upcoming NCv3 series of VMs, and RDMA-enabled instances are potentially an ideal fit for such workloads. Also, with Batch Shipyard and Azure Batch, not only can you automatically scale your compute pools with ease, you can also opt to execute your workloads on low priority VMs for savings up to 80%!

In addition to support for Singularity, the latest release of Batch Shipyard includes preliminary support for Windows containers, integrated Azure Batch container support, YAML based configuration support, ability to reference multiple private registries, ARM Image-based custom images, and pre-built binaries for the CLI among other improvements. Please view the Change Log and the migration guide if you are upgrading from a previous version. If desired, Batch Shipyard is available directly within Azure Cloud Shell with no installation required.

We are excited to announce that TierPoint, a Microsoft trusted partner, now offers Azure Site Recovery as a managed DR solution. TierPoint understands Azure Site Recovery at a deep level and creates policy-based, software-defined solutions that bring recovered systems online quickly for its managed Azure customers.

In the words of David McKenney, Director of Product Management at TierPoint, “TierPoint’s Disaster Recovery as a Service (DRaaS) customers have a choice of cloud platforms for their failover environment, and often choose Azure. They appreciate Azure’s flexibility, network policy automation, test failover capabilities, cost model, security and more.”

As businesses evolve, infrastructure solutions must also keep pace with the business, but not every enterprise has the time or resources to focus on IT maintenance, especially if IT is not a core business competency, and this could adversely impact disaster readiness. To meet their growing infrastructure requirements, more and more enterprises today outsource their IT implementation and maintenance to professional and managed services providers.

Azure Site Recovery understands this need and works with top Microsoft partners to provide a seamless experience across a range of deployment scenarios. By allowing a partner to manage your disaster recovery service, you can save precious time and resources, and reallocate those to your core business priorities.

To get started with Azure Site Recovery today, visit our website. To work with a partner, check out Azure Site Recovery partners.

Only a few years ago, most people thought it was impossible to complete mainstream, high-performance computing tasks in the cloud. Nowadays, we see complete workflows related to fields like fluid dynamics, risk analysis, weather forecasting, deep learning, subsurface and seismic simulation, in addition to many new HPC use cases showing up in Azure every day.

It’s amazing to watch users discover the possibilities the cloud unlocks, and experience access to new technology at a record pace. By enabling interactive collaboration with other researchers, the ability to experiment with new technologies ahead of capital investment, and the elimination of lengthy proposal processes and queues for jobs that complete in hours, we’re helping our customers accelerate the pace of innovation.

Like most people in the big compute space, our passion goes beyond the job. We have folks with backgrounds from most HPC industries toiling away every day to make it easier for you to bring to bear the power of the cloud on some of life’s biggest challenges. Our sustained investment in the most advanced networking, including the recent acquisition of Cycle Computing, our exclusive arrangement to bring Cray Supercomputer services to the Azure cloud, and our recent release of the Azure Batch AI service are but a few examples of ways that we are investing to make it easier for each of you to take advantage of the cloud at your pace, and with minimal disruption to your existing workflows.

I’m honored to say that the community has recognized our efforts. HPCwire announced yesterday that we are the winner of the HPCwire Readers’ Choice Award and the Editors' Choice Award in the Best HPC in the Cloud Platform category. These awards, based on the nomination and votes of HPCwire’s international readership, are a great reminder that our commitment to HPC is having a real impact. The community recognizes that Azure provides one cloud for every workload, and we’re excited to continue offering the specialized products and services that our customers need.

If you’re at the Supercomputing conference in Denver this week, I invite you to stop by booth 1501 to learn more about how Azure can help you advance your big compute efforts.

MRAN, the Microsoft R Application Network has been migrated to a new high-performance, high-availability server, and we've taken the opportunity to make a few upgrades along the way. You shouldn't notice any breaking changes (of course if you do, please let us know), but you should notice faster performance for the MRAN site and for the checkpoint package. (MRAN is also the home of daily archives of CRAN, which checkpoint relies on to deliver specific package versions for its reproducibility functions.)

Among the improvements you will find:

• Faster search of R packages, including links to package vignettes and a dependencies graph for related packages.
• Additional resources for R users, including R Community links.
• A new "R Tools" menu, with links to other software platforms that integrate R.
• Streamlined download experience for Microsoft R Open, which no longer requires a separate install for accelerated math libraries.

As always, you can find MRAN at mran.microsoft.com.

Holiday Shopping

#AmplifyIngenuity Photo Contest

Historical weather and sports information

Today, we are releasing the November 2017 Security and Quality Rollup.

Security

This release contains no new security updates. The most recent .NET security updates were shipped with the September 2017 Security and Quality Rollup.

Quality and Reliability

This release contains the following quality and reliability improvements.

CLR

• Code optimization bug for x64 C# code targeting .NET Framework 4.6.1 and running on .NET Framework 4.7. [484415]

WPF

• WPF touch stops working after many touch events due to reference counting issue. [460192]
• WPF touch generates a NullReferenceException in System.Windows.Input.StylusWisp.WispLogic.ProcessInputReport with .NET Framework 4.7. [480909]
• WPF crash caused by INVALID_POINTER_WRITE_c0000005_PenIMC_v0400.dll!CPimcContext::GetPenEventMultiple. [488390]
• WPF rendering of UI Elements broken in Windows Services. [497604]

Note: Additional information on these improvements is not available. The VSTS bug number provided with each improvement is a unique ID that you can give Microsoft Customer Support, include in StackOverflow commentsor use in web searches.

Security Compliance Guidance

This guidance is for companies that want to install the minimum set of security updates each month. If you want security and quality updates, do not follow this guidance.

Guidance for this month:

• Install Windows 10 updates (the Windows 10 LCU).
• Do not install pre-Win10 .NET Framework updates.

Explanation: .NET Framework updates for Windows 10 are included with the Windows 10 LCU (which include Windows security updates), while pre-Windows 10 .NET Framework updates are separate updates (which only include quality updates this month).

Note: You can look at the Classification release attribute to see if a .NET Framework update falls under either “Security Updates” or “Updates” category. See this month’s Windows 10 1709 and Windows 7 releases as examples.

Getting the Update

The Security and Quality Rollup is available via Windows Update, Windows Server Update Services, Microsoft Update Catalog, and Docker.

Microsoft Update Catalog

You can get the update via the Microsoft Update Catalog. For Windows 10, .NET Framework updates are part of the Windows 10 Monthly Rollup.

Docker Images

Docker images has not yet been updated as part of today’s release. They will be updated in the shortly. This post will be updated at that time.

The following repos will be updated.

• microsoft/aspnet
• microsoft/dotnet-framework
• microsoft/wcf

Note: Look at the “Tags” view in each repository to see the updated Docker image tags.

Note: Significant changes have been made with Docker images recently. Please look at .NET Docker Announcements for more information.

Previous Monthly Rollups

The last few .NET Framework Monthly updates are listed below for your convenience:

• October 2017 Preview of Quality Rollup
• October 2017 Security and Quality Rollup
• September 2017 Preview of Quality Rollup
• September 2017 Security and Quality Rollup

Today, we are releasing the .NET Core November Update. This includes .NET Core 1.0.8, 1.1.5 and 2.0.1 and .NET Core SDK 1.1.5 and 2.0.3.

Details regarding the security issues addressed by this release can be seen in the Security Advisory announcement.

Security

CVE-2017-8585 — Malformed Certificate can cause Denial of Service

Microsoft is releasing this security advisory to provide information about a vulnerability in the public versions of .NET Core 1.0 and 1.1, and 2.0. This advisory also provides guidance on what developers can do to update their applications correctly.

Microsoft is aware of a security vulnerability in the public version of .NET Core where a malformed certificate or other ASN.1 formatted data could lead to a denial of service via an infinite loop on Linux and macOS.

System administrators are advised to update their .NET Core runtimes to versions 1.0.8, 1.1.5 and 2.0.1. Developers are advised to update their .NET Core SDK to version 2.0.3 or 1.1.5.

CVE-2017-8585

Quality

See the release notes for a list of all the quality fixes in this release.

• .NET Core 2.0.3
• .NET Core 1.1.5
• .NET Core 1.0.8

Getting the Update

The .NET Core November 2017 Update is available from the .NET Core download page.

You can always download the version of .NET Core at .NET Downloads.

Docker Images

.NET Docker images have been updated for today’s release. The following repos have been updated.

• microsoft/dotnet

The following repos are in the process of being updated:

• microsoft/aspnetcore/
• microsoft/aspnetcore-build/

Note: Look at the “Tags” view in each repository to see the updated Docker image tags.

Note: You must re-pull base images in order to get updates. The Docker client does not pull updates automatically.

Note: The Windows Docker tag scheme has changed.

Previous .NET Core Updates

The last few .NET Core updates follow:

• September 2017
• May 2017 Update
• January 2017 Update
• December 2016 Update
• September 2016 Update

Real-time collaborative development

Read the full article