August 11th, 2020

.NET Framework August 2020 Security and Quality Rollup Updates

Tara Overfield
Senior Software Engineer

Revised 6/8/2021: On June 8th, 2021, this update was released to replace a previous update to address a “revocation server was offline” error that may occur during installation. If you’ve already installed a previous release of this update, no action is required.

Revised 4/15/2021: On April 13th, 2021, this update was released to replace a previous release of some updates. See the known issues section for more details. If you’ve already installed a previous release of an affected update, no action is required.

Today, we are releasing the August 2020 Security and Quality Rollup Updates for .NET Framework.

Security

CVE-2020-1476 – .NET Framework Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when ASP.NET or .NET Framework web applications running on IIS improperly allow access to cached files. An attacker who successfully exploited this vulnerability could gain access to restricted files. To exploit this vulnerability, an attacker would need to send a specially crafted request to an affected server. The update addresses the vulnerability by changing how ASP.NET and .NET Framework handle requests.

To learn more about the vulnerabilities, go to the following Common Vulnerabilities and Exposures (CVE).

CVE-2020-1476

A remote code execution vulnerability exists when Microsoft .NET Framework processes input. An attacker who successfully exploited this vulnerability could take control of an affected system. To exploit the vulnerability, an attacker would need to be able to upload a specially crafted file to a web application. The security update addresses the vulnerability by correcting how .NET Framework processes input.

For more information go to: ControlBuilderInterceptor class

To learn more about the vulnerabilities, go to the following Common Vulnerabilities and Exposures (CVE).

CVE-2020-1046

Quality and Reliability

This release contains the following quality and reliability improvements.

ASP.NET

– Use FIPS-compliant hashes in ASP.NET telemetry data.

– Addresses an issue where “Unspecified” was not an allowed value in config for the ‘cookieSameSite’ attribute of the forms authentication and session state configuration sections.

CLR¹

– A change in .NET Framework 4.8 regressed certain EnterpriseServices scenarios where a single-thread apartment object may be treated as a multi-thread apartment object, leading to a blocking failure. This change now correctly identifies single-thread apartment objects as such and avoids this failure.

– Addresses an issue in assemblies with IBC profile data causing Ngen worker processes to crash and fall back to full native images.

– Addresses rare crashes that could occur during thread abort delivery.

SQL

– SqlBulkCopy.WriteToServer can cause transactions to in-memory SQL tables to fail. The client may see an exception with the message “Execution Timeout Expired. The timeout period elapsed prior to completion of the operation or the server is not responding.” SqlBulkCopy.WriteToServer was sending an Attention token (cancellation message) after sending data to SQL Server, causing the server to abort the transaction for in-memory tables.

Net Libraries

– Addresses a memory leak in HttpListener.

Winforms

– Addresses an issue with the DataGridView IsReadOnly accessibility state: Narrator and other accessibility tools now announce read-only cell status accordingly.

– Addresses a regression in .NET Framework 4.8 where applications that use the DataGridView ComboBox cell type and have opted into Level 3 Accessibility may experience intermittent crashes while editing the cell.

– Addresses an issue in ClickOnce RFC3161 timestamp verification code.

WCF²

– When a UPN Windows username in a format similar to username@dns.domain was set in the username property of a NetworkCredential used with NetTcpBinding or NetNamedPipeBinding, WCF would incorrectly split the username and dns.domain, placing them into the UserName and Domain properties. This is invalid in some scenarios and would result in failing to authenticate. This fix removes the credential modification when using a UPN username. The modification can be re-enabled by setting the AppSetting “wcf:enableLegacyUpnUsernameFix” to true.

WPF³

– Addresses an issue where, when spell-checking is enabled in a WPF TextBox or RichTextBox, words like “etc.” and “e.g.” are incorrectly identified as spelling errors.

– Addresses an issue where some Per-Monitor Aware WPF applications that run on .NET 4.8 may occasionally encounter a crash with exception System.ComponentModel.Win32Exception.

– Addresses an issue where TextBlock reflows (makes different line-breaking decisions) during render and hit-test, vs. during measure. The symptoms include missing text, and FailFast crashes during programmatic text processing.

– Addresses an issue with a render thread failure caused by HostVisual disconnecting its target on the wrong thread.

– Addresses an issue with a hang while scrolling a TreeView whose tree is non-uniform, in the sense that a given node’s children govern subtrees whose sizes are quite different.

– Addresses an issue with a crash that can occur when closing a tooltip that is re-entrantly closed by user code.

– When an HwndHost leaves the visual tree, a stack trace is created. This is expensive, and usually unnecessary. The logic is now changed to create the stack trace only when the anomalous condition occurs.

– Addresses a memory leak in System.Speech.SpeechSynthesizer.

– DataGrid’s Copy command throws an exception if the system clipboard is locked by another process. This crashes the application, as there is usually no app code on the stack to catch the exception. The behavior of TextBox (and other apps like Notepad, Word, browsers) in this situation is to fail silently: nothing is copied to the clipboard, but no exception is thrown. A WPF app can now opt in to this behavior by setting in its app.config file.

– Addresses an issue in constructing the internal model for a FixedPage document. Some text was appearing in the wrong order for the purposes of editing operations such as selection and copy/paste.

Windows Forms Accessibility Improvements

In this release we are adding new accessibility improvements that your application can opt in to. By default these changes are disabled. Applications that have opted in to the accessibility features introduced in .NET 4.8 and earlier can add the following compatibility switch to the application’s config file:

“Switch.UseLegacyAccessibilityFeatures.4=false”

Specifically, if an application targets .NET 4.8, add the following AppContextSwitchOverrides section:

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
  <startup>
    <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.8" />
  </startup>
  <runtime>
    <!-- AppContextSwitchOverrides value attribute is in the form of key1=true|false;key2=true|false -->
    <AppContextSwitchOverrides value="Switch.UseLegacyAccessibilityFeatures.4=false" />
  </runtime>
</configuration>

If an application targets an earlier version of the framework and has opted in to the previously released sets of accessibility features, then add a single “Switch.UseLegacyAccessibilityFeatures.4=false” switch to the existing AppContextSwitchOverrides section:

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
  <startup>
    <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.7" />
  </startup>
  <runtime>
    <!-- AppContextSwitchOverrides value attribute is in the form of key1=true|false;key2=true|false -->
    <AppContextSwitchOverrides value="Switch.UseLegacyAccessibilityFeatures=false;Switch.UseLegacyAccessibilityFeatures.2=false;Switch.UseLegacyAccessibilityFeatures.3=false;Switch.UseLegacyAccessibilityFeatures.4=false" />
  </runtime>
</configuration>
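A lint check for the override string format described in the config comment (key=true|false pairs separated by semicolons), given here as an added example and not code from the original post. The function names and sample configs are constructed for illustration, and the check deliberately reports anything outside that documented form rather than modelling how the runtime treats malformed input.

```python
import xml.etree.ElementTree as ET

def parse_overrides(value):
    """Parse 'key1=true|false;key2=true|false' into (switches, problems)."""
    switches, problems = {}, []
    for entry in (e.strip() for e in value.split(";")):
        if not entry:
            continue  # tolerate a trailing ';'
        key, sep, raw = entry.partition("=")
        key, raw = key.strip(), raw.strip().lower()
        if not sep or not key or raw not in ("true", "false"):
            # e.g. several switches joined with '|' or ',' instead of ';'
            problems.append("malformed entry: %r" % entry)
        elif key in switches:
            problems.append("duplicate switch: %s" % key)
        else:
            switches[key] = raw == "true"
    return switches, problems

def lint_app_config(xml_text, required="Switch.UseLegacyAccessibilityFeatures.4"):
    """Return a list of problems; an empty list means `required` is set to false."""
    node = ET.fromstring(xml_text).find("./runtime/AppContextSwitchOverrides")
    if node is None:
        return ["no <AppContextSwitchOverrides> under <runtime>"]
    switches, problems = parse_overrides(node.get("value", ""))
    if switches.get(required) is not False:
        problems.append("%s is not set to false" % required)
    return problems

# Constructed sample configs (not taken from a real application).
TEMPLATE = """<configuration>
  <runtime>
    <AppContextSwitchOverrides value="{value}"/>
  </runtime>
</configuration>"""
A = "Switch.UseLegacyAccessibilityFeatures"
LEVELS = [f"{A}{suffix}=false" for suffix in ("", ".2", ".3", ".4")]
GOOD = TEMPLATE.format(value=";".join(LEVELS))   # documented separator
PIPED = TEMPLATE.format(value="|".join(LEVELS))  # wrong separator

if __name__ == "__main__":
    for name, cfg in (("GOOD", GOOD), ("PIPED", PIPED)):
        print(name, lint_app_config(cfg) or "ok")
```

Running such a check over app.config files in CI catches a switch string that looks plausible but would never opt the application in.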

Winforms accessibility improvements included in this release are:

– Addresses an issue with announcing PropertyGrid control items and categories expanded/collapsed state by Screen Readers.

– Updated the accessible patterns of Property Grid control and its inner elements.

– Updated the accessible names of Property Grid control inner elements to correctly announce these by screen reader.

– Addresses bounding rectangle accessible properties for the PropertyGridView controls.

– Enables screen readers to announce DataGridView ComboBox cell expanded/collapsed state correctly.

¹ Common Language Runtime (CLR)
² Windows Communication Foundation (WCF)
³ Windows Presentation Foundation (WPF)

Known issues in this security update

Symptom

For customers using Windows 7 SP1, Windows Server 2008 R2 SP1 or Windows Server 2008, this update does not install, and it returns either or both of the following error messages:

  • -2146762495
  • A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
  • The revocation function was unable to check revocation because the revocation server was offline.

Workaround

This issue was corrected by the latest release of this update. If you’ve already installed a previous release of this update, no action is required.

Getting the Update

The Security and Quality Rollup is available via Windows Update, Windows Server Update Services, and Microsoft Update Catalog. The Security Only Update is available via Windows Server Update Services and Microsoft Update Catalog.

Microsoft Update Catalog

You can get the update via the Microsoft Update Catalog. For Windows 10, .NET Framework 4.8 updates are available via Windows Update, Windows Server Update Services, and Microsoft Update Catalog. Updates for other versions of .NET Framework are part of the Windows 10 Monthly Cumulative Update.

**Note**: Customers that rely on Windows Update and Windows Server Update Services will automatically receive the .NET Framework version-specific updates. Advanced system administrators can also make use of the direct Microsoft Update Catalog download links below to .NET Framework-specific updates. Before applying these updates, please carefully review the .NET Framework version applicability to ensure that you only install updates on systems where they apply.

The following table is for Windows 10 and Windows Server 2016+ versions.

| Product Version | Cumulative Update |
| --- | --- |
| Windows 10 2004 and Windows Server, version 2004 | |
| .NET Framework 3.5, 4.8 | Catalog 4569745 |
| Windows 10 1909 and Windows Server, version 1909 | |
| .NET Framework 3.5, 4.8 | Catalog 4569751 |
| Windows 10 1903 and Windows Server, version 1903 | |
| .NET Framework 3.5, 4.8 | Catalog 4569751 |
| Windows 10 1809 (October 2018 Update) and Windows Server 2019 | 4570505 |
| .NET Framework 3.5, 4.7.2 | Catalog 4569776 |
| .NET Framework 3.5, 4.8 | Catalog 4569750 |
| Windows 10 1803 (April 2018 Update) | |
| .NET Framework 3.5, 4.7.2 | Catalog 4571709 |
| .NET Framework 4.8 | Catalog 4569749 |
| Windows 10 1709 (Fall Creators Update) | |
| .NET Framework 3.5, 4.7.1, 4.7.2 | Catalog 4571741 |
| .NET Framework 4.8 | Catalog 4569748 |
| Windows 10 1703 (Creators Update) | |
| .NET Framework 3.5, 4.7, 4.7.1, 4.7.2 | Catalog 4571689 |
| .NET Framework 4.8 | Catalog 4569747 |
| Windows 10 1607 (Anniversary Update) and Windows Server 2016 | |
| .NET Framework 3.5, 4.6.2, 4.7, 4.7.1, 4.7.2 | Catalog 4571694 |
| .NET Framework 4.8 | Catalog 4569746 |
| Windows 10 1507 | |
| .NET Framework 3.5, 4.6, 4.6.1, 4.6.2 | Catalog 4571692 |

 

The following table is for earlier Windows and Windows Server versions.

| Product Version | Security and Quality Rollup | Security Only Update |
| --- | --- | --- |
| Windows 8.1, Windows RT 8.1 and Windows Server 2012 R2 | 4570508 | 4570502 |
| .NET Framework 3.5 | Catalog 4569768 | Catalog 4569737 |
| .NET Framework 4.5.2 | Catalog 4569778 | Catalog 4569741 |
| .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 | Catalog 4569774 | Catalog 4569739 |
| .NET Framework 4.8 | Catalog 4569753 | Catalog 4569732 |
| Windows Server 2012 | 4570507 | 4570501 |
| .NET Framework 3.5 | Catalog 4569765 | Catalog 4569734 |
| .NET Framework 4.5.2 | Catalog 4569779 | Catalog 4569742 |
| .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 | Catalog 4569773 | Catalog 4569738 |
| .NET Framework 4.8 | Catalog 4569752 | Catalog 4569731 |
| Windows 7 SP1 and Windows Server 2008 R2 SP1 | 4570506 | 4570500 |
| .NET Framework 3.5.1 | Catalog 4569767 | Catalog 4569736 |
| .NET Framework 4.5.2 | Catalog 4569780 | Catalog 4569743 |
| .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 | Catalog 4569775 | Catalog 4569740 |
| .NET Framework 4.8 | Catalog 4569754 | Catalog 4569733 |
| Windows Server 2008 | 4570509 | 4570503 |
| .NET Framework 2.0, 3.0 | Catalog 4569766 | Catalog 4569735 |
| .NET Framework 4.5.2 | Catalog 4569780 | Catalog 4569743 |
| .NET Framework 4.6 | Catalog 4569775 | Catalog 4569740 |

 

Previous Monthly Rollups

The last few .NET Framework Monthly updates are listed below for your convenience:

  • July 2020 Cumulative Update Preview for Windows 10, version 2004
  • July 2020 Cumulative Update Preview
  • July 2020 Security and Quality Rollup Updates
  • May 2020 Security and Quality Rollup Updates

Author

Tara Overfield
Senior Software Engineer

Tara is a Software Engineer on the .NET team. She works on releasing .NET Framework updates.

1 comment


  • Ismail Demir

    Hello Tara,

    please forward this to Windows 7 Team.

    The update kb4040980 (kb4041083 and kb4049016) should be merged with kb4569767 while replaced.

    Same with the 3 updates:
    kb2931356
    kb2894844
    kb2836943-v2

    Those 2 updates should be merged too:
    kb2789645
    kb3023215

    All those updates should not be available in Windows Update while Rollup Update is installed or integrated!

    edit: It would be nice if all .net updates merged into the rollup update.

    Thank you!
