February 14th, 2023

.NET Framework February 2023 Security and Quality Rollup Updates

Today, we are releasing the February 2023 Security and Quality Rollup Updates for .NET Framework.

Security

CVE-2023-21808 .NET Framework Remote Code Execution Vulnerability

This security update addresses a vulnerability in the MSDIA SDK where an untrusted pointer dereference can cause memory corruption, leading to a crash or remove code execution.

  • CVE-2023-21808
  • CVE-2023-21722 .NET Framework Denial of Service Vulnerability

    This security update addresses a vulnerability where the Visual Studio WMI Setup Provider Installer can be used by a low level, local attacker to corrupt local files that SYSTEM can writ to, leading to a potential denial of service.

  • CVE-2023-21722
  • Quality and Reliability

    • Addresses an issue in propagation of ElementHost controls Visible property to underlying HwndWrapper.
    • Addresses an issue that restores System.Windows.Controls.VirtualizingStackPanel scrolling behavior for CollectionChange event.
    • Addresses an issue to ignore Win32LastError when calling GetWindowText and GetWindowTextLength methods.
    • Addresses an issue to allow override the control to always have IsOpen property set to false for third party library created class using the ToolTip class as the base.
    Networking
    • Addresses an issue in the Socket.EndReceiveFrom method that may lead to AccessViolationException in rare scenarios.

    1 Windows Presentation Foundation (WPF)

    Getting the Update

    The Security and Quality Rollup is available via Windows Update, Windows Server Update Services, and Microsoft Update Catalog. The Security Only Update is available via Windows Server Update Services and Microsoft Update Catalog.

    Note: Customers that rely on Windows Update and Windows Server Update Services will automatically receive the .NET Framework version-specific updates. Advanced system administrators can also take use of the below direct Microsoft Update Catalog download links to .NET Framework-specific updates. Before applying these updates, please ensure that you carefully review the .NET Framework version applicability, to ensure that you only install updates on systems where they apply.

    The following table is for Windows 10, version 1507 and Windows Server 2016 versions and newer operating systems.

    Product Version Cumulative Update
    Windows 11, version 22H2
    .NET Framework 3.5, 4.8.1 Catalog 5022497
    Windows 11, version 21H2 5022730
    .NET Framework 3.5, 4.8 Catalog 5022505
    .NET Framework 3.5, 4.8.1 Catalog 5022499
    Microsoft server operating system, version 22H2 5022726
    .NET Framework 3.5, 4.8 Catalog 5022507
    Microsoft server operating system version 21H2 5022735
    .NET Framework 3.5, 4.8 Catalog 5022507
    .NET Framework 3.5, 4.8.1 Catalog 5022501
    Windows 10 Version 22H2 5022729
    .NET Framework 3.5, 4.8 Catalog 5022502
    .NET Framework 3.5, 4.8.1 Catalog 5022498
    Windows 10 Version 21H2 5022728
    .NET Framework 3.5, 4.8 Catalog 5022502
    .NET Framework 3.5, 4.8.1 Catalog 5022498
    Windows 10 Version 20H2 5022727
    .NET Framework 3.5, 4.8 Catalog 5022502
    .NET Framework 3.5, 4.8.1 Catalog 5022498
    Windows 10 1809 (October 2018 Update) and Windows Server 2019 5022782
    .NET Framework 3.5, 4.7.2 Catalog 5022511
    .NET Framework 3.5, 4.8 Catalog 5022504
    Windows 10 1607 (Anniversary Update) and Windows Server 2016
    .NET Framework 3.5, 4.6.2, 4.7, 4.7.1, 4.7.2 Catalog 5022838
    .NET Framework 4.8 Catalog 5022503
    Windows 10 1507
    .NET Framework 3.5, 4.6, 4.6.2 Catalog 5022858

    The following table is for earlier Windows and Windows Server versions.

    Product Version Security and Quality Rollup Security Only Update
    Windows Embedded 8.1 and Windows Server 2012 R2 5022733 5022785
    .NET Framework 3.5 Catalog 5022525 Catalog 5022531
    .NET Framework 4.6.2, 4.7, 4.7.1, 4.7.2 Catalog 5022513 Catalog 5022524
    .NET Framework 4.8 Catalog 5022508 Catalog 5022516
    Windows Embedded 8 and Windows Server 2012 5022732 5022784
    .NET Framework 3.5 Catalog 5022574 Catalog 5022575
    .NET Framework 4.6.2, 4.7, 4.7.1, 4.7.2 Catalog 5022512 Catalog 5022522
    .NET Framework 4.8 Catalog 5022506 Catalog 5022514
    Windows Embedded 7 Standard and Windows Server 2008 R2 SP1 5022731 5022783
    .NET Framework 3.5.1 Catalog 5022523 Catalog 5022530
    .NET Framework 4.6.2, 4.7, 4.7.1, 4.7.2 Catalog 5022515 Catalog 5022526
    .NET Framework 4.8 Catalog 5022509 Catalog 5022520
    Windows Server 2008 5022734 5022786
    .NET Framework 2.0, 3.0 Catalog 5022521 Catalog 5022529
    .NET Framework 4.6.2 Catalog 5022515 Catalog 5022526

    Previous Monthly Rollups

    The last couple .NET Framework monthly updates are listed below for your convenience:

    2 comments

    Discussion is closed. Login to edit/delete existing comments.

    • Kalle Niemitalo

      "Addresses an issue that restores VirtualizingScrollPanel scrolling behavior for CollectionChange event."

      I don't see a "VirtualizingScrollPanel" class in Windows Forms or Windows Presentation Foundation. Do you mean System.Windows.Controls.VirtualizingStackPanel?

      "Addresses Null Reference Exception when ToolTip is visible property is overridden to be always be false."

      Which property do you mean? The System.Windows.Controls.ToolTip class does not have a "Visible" or "IsVisible" property. There is the ToolTipService.IsOpen attached property but I don't understand how one could override that to always be...

      Read more
      • Salini AgarwalMicrosoft employee Author

        Hi Kalle,

        Thank you for your feedback. We have updated the wording of the fix.