June 8th, 2021

.NET Framework June 2021 Security and Quality Rollup Updates

Tara Overfield
Senior Software Engineer

Today, we are releasing the June 2021 Security and Quality Rollup Updates for .NET Framework.

Security

The June Security and Quality Rollup Update does not contain any new security fixes. See February 2021 Security and Quality Rollup for the latest security updates.

Quality and Reliability

This release contains the following quality and reliability improvements.

CLR1
  • Addresses a performance issue caused by incorrect configuration in the GC.
  • Addresses an issue where a background GC could pause the runtime for a long period of time if a large managed heap is filled with long lived objects with a deep chain of references.
  • Addresses an issue where crashes could occur if security stackwalks were generated during ThreadAbortException handling.
NCL2
  • .NET Framework 4.8 will now allow to negotiate TLS 1.3 if underlying OS supports it.
WPF3
  • Addresses an issue when rapid typing using an IME can crash via FailFast.
  • Addresses an issue where Thaana characters displayed in left-to-right order.
  • Addresses a crash when WebBrowser receives a completion event for a navigation it tried to cancel.


1 Common Language Runtime (CLR)
2 Network Class Library (NCL)
3 Windows Presentation Foundation (WPF)

Getting the Update

The Security and Quality Rollup is available via Windows Update, Windows Server Update Services, and Microsoft Update Catalog.

Microsoft Update Catalog

You can get the update via the Microsoft Update Catalog.

**Note**: Customers that rely on Windows Update and Windows Server Update Services will automatically receive the .NET Framework version-specific updates. Advanced system administrators can also take use of the below direct Microsoft Update Catalog download links to .NET Framework-specific updates. Before applying these updates, please ensure that you carefully review the .NET Framework version applicability, to ensure that you only install updates on systems where they apply.

The following table is for Windows 10 and Windows Server 2016+ versions.

Product Version Cumulative Update
Windows 10 version 21H1
.NET Framework 3.5, 4.8 Catalog 5003254
Windows 10, version 20H2 and Windows Server, version 20H2
.NET Framework 3.5, 4.8 Catalog 5003254
Windows 10 version 2004 and Windows Server, version 2004
.NET Framework 3.5, 4.8 Catalog 5003254
Windows 10 version 1909
.NET Framework 3.5, 4.8 Catalog 5003256
Windows 10 version 1809 (October 2018 Update) and Windows Server 2019 5003778
.NET Framework 3.5, 4.7.2 Catalog 5003258
.NET Framework 3.5, 4.8 Catalog 5003255
Windows 10 version 1607 (Anniversary Update) and Windows Server 2016
.NET Framework 3.5, 4.6.2, 4.7, 4.7.1, 4.7.2 Catalog 5003638
.NET Framework 4.8 Catalog 5003542

The following table is for earlier Windows and Windows Server versions.

Product Version Security and Quality Rollup
Windows 8.1, Windows RT 8.1 and Windows Server 2012 R2 5003781
.NET Framework 3.5 Catalog 4578953
.NET Framework 4.5.2 Catalog 4578956
.NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 Catalog 5003549
.NET Framework 4.8 Catalog 5003545
Windows Server 2012 5003780
.NET Framework 3.5 Catalog 4578950
.NET Framework 4.5.2 Catalog 4578954
.NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 Catalog 5003548
.NET Framework 4.8 Catalog 5003544
Windows 7 SP1 and Windows Server 2008 R2 SP1 5003779
.NET Framework 3.5.1 Catalog 4578952
.NET Framework 4.5.2 Catalog 4578955
.NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 Catalog 5003547
.NET Framework 4.8 Catalog 5003543
Windows Server 2008 5003782
.NET Framework 2.0, 3.0 Catalog 4578951
.NET Framework 4.5.2 Catalog 4578955
.NET Framework 4.6 Catalog 5003547

 

Previous Monthly Rollups

The last few .NET Framework Monthly updates are listed below for your convenience:

Author

Tara Overfield
Senior Software Engineer

Tara is a Software Engineer on the .NET team. She works on releasing .NET Framework updates.

13 comments

Discussion is closed. Login to edit/delete existing comments.

  • Felipe Pessoto

    Tara, how can I know if I’m affected by this issues: “Addresses an issue where a background GC could pause the runtime for a long period of time if a large managed heap is filled with long lived objects with a deep chain of references.”?

    Thanks

    • Tara OverfieldMicrosoft employee Author

      When this uncommon issue is experienced you may use a profiler (e.g. PerfView) to determine whether or not you are affected by the underlying issue. In particular, you should see: 1) A long GC pause, 2) That long GC pause is associated with a background GC and 3) observe some ETW events of this type (Microsoft-Windows-DotNETRuntimePrivate/GC/BGCOverflow) emitted from the runtime.

      • Felipe Pessoto

        Thanks Tara!

    • Ian Yates

      Agree. Good question. Is there any information about these circumstances so we can determine if this change may help? Even if not, such details are always good to read. Would you be able to point us to a blog post, or a similar fix that may have landed in .net core?

      Also, do we need to opt in to tls 1.3 at all? What setting might govern the opt-in, or opt-out of this change? I just...

      Read more
  • Alfred Ardito

    Does this update supersede KB4601051 (February update)? I noticed after installing this months update, that in the registry and cbs.log, the February update is marked as superseded. But when looking at the catalog online it doesn’t mention that.

    • Tara OverfieldMicrosoft employee Author

      Installing the June Security and Quality rollup from Windows Update will supersede previous releases, including the February Security and Quality rollup. If you install updates from WSUS or Catalog the June Security and Quality rollup will not supersede the February Security and Quality rollup. This supersedence strategy allows Windows Update to offer only the latest update and allows WSUS and Catalog customers to choose the latest security release or the latest release when...

      Read more
      • logie loge

        Hi Tara,

        Historically, my organisation has deployed packages containing multiple .NET security updates that have been downloaded from the update catalog, including the latest rollup at the time.

        However, my understanding is that the latest rollup is cumulative and includes all previous security fixes therefore, if I have a fresh install of .NET, I shouldn’t need to install any .NET security updates besides the most recent rollup. As things stand currently, this would be the June security...

        Read more
      • Tara OverfieldMicrosoft employee Author

        Hi Logie,
        You are correct in your understanding. The latest rollup is cumulative and includes all previous security fixes. If you have a fresh install of .NET, then install the latest rollup update you will be up-to-date. Currently, the latest update is the June Security and Quality Rollup (which does contain the latest security fixes from Feb ’21).

      • logie loge

        Thanks for the reply, Tara. Much appreciated.

  • Kalle Niemitalo

    The "Security" section says:

    "The February Security and Quality Rollup Update does not contain any new security fixes. See February 2021 Security and Quality Rollup for the latest security updates."

    Should it instead say the following?

    "The June Security and Quality Rollup Update does not contain any new security fixes. See February 2021 Security and Quality Rollup for the latest security updates."

    Read more
    • Tara OverfieldMicrosoft employee Author

      Thanks for catching that typo Kalle! I have corrected the issue and re-published the post.