.NET Framework November 2022 Security and Quality Rollup Updates

Salini Agarwal

Today, we are releasing the November 2022 Security and Quality Rollup Updates for .NET Framework.

Security

CVE-2022-41064– .NET Framework Information Disclosure Vulnerability

This security update addresses a vulnerability which exists in System.Data.SqlClient and Microsoft.Data.SqlClient libraries where a timeout occurring under high load can cause incorrect data to be returned as the result of an asynchronously executed query or command.

  • CVE-2022-41064
  • Quality and Reliability

    WPF1
    • Addresses an issue where a FailFast crash could occur when using WebBrowser.NavigateToString.
    • Addresses an ArgumentOutOfRangeException that can arise when calling ListBox.ScrollIntoView while there are pending changes to the visual tree that will change or clear the underlying ItemsCollection.
    • Addresses an ArgumentException “Width and Height must be non-negative” that can arise in an ItemsControl with grouping enabled, custom margins on the GroupItems, collapse/expand of GroupItems enabled, and run in high-DPI.
    • Addresses an issue where the opt-out switch Switch.System.Windows.Controls.ToolTip.OptOutOfWCAG21ToolTipBehavior didn’t quite restore the 4.8 behavior, in particular the way it honors Switch.UseLegacyToolTipDisplay (which controls whether keyboard tooltip behavior is enabled).
    .NET Runtime
    • Address crashes that could occur if ilasm.exe failed to establish temporary PDB file alongside the output file.

    1 Windows Presentation Foundation (WPF)

    Getting the Update

    The Security and Quality Rollup is available via Windows Update, Windows Server Update Services, and Microsoft Update Catalog. The Security Only Update is available via Windows Server Update Services and Microsoft Update Catalog.

    Note: Customers that rely on Windows Update and Windows Server Update Services will automatically receive the .NET Framework version-specific updates. Advanced system administrators can also take use of the below direct Microsoft Update Catalog download links to .NET Framework-specific updates. Before applying these updates, please ensure that you carefully review the .NET Framework version applicability, to ensure that you only install updates on systems where they apply.

    The following table is for Windows 10, version 1607 and Windows Server 2016 versions and newer operating systems.

    Product Version Cumulative Update
    Windows 11, version 22H2
    .NET Framework 3.5, 4.8.1 Catalog 5020622
    Windows 11, version 21H2 5020695
    .NET Framework 3.5, 4.8 Catalog 5020617
    .NET Framework 3.5, 4.8.1 Catalog 5020624
    Microsoft server operating system, version 22H2 5020693
    .NET Framework 3.5, 4.8 Catalog 5020619
    Microsoft server operating system, version 21H2 5020692
    .NET Framework 3.5, 4.8 Catalog 5020619
    .NET Framework 3.5, 4.8.1 Catalog 5020632
    Windows 10, version 22H2 5020694
    .NET Framework 3.5, 4.8 Catalog 5020613
    .NET Framework 3.5, 4.8.1 Catalog 5020623
    Windows 10, version 21H2 5020687
    .NET Framework 3.5, 4.8 Catalog 5020613
    .NET Framework 3.5, 4.8.1 Catalog 5020623
    Windows 10, version 21H1 5020801
    .NET Framework 3.5, 4.8 Catalog 5020613
    .NET Framework 3.5, 4.8.1 Catalog 5020623
    Windows 10, version 20H2 5020686
    .NET Framework 3.5, 4.8 Catalog 5020613
    .NET Framework 3.5, 4.8.1 Catalog 5020623
    Windows 10, version 1809 (October 2018 Update) and Windows Server 2019 5020685
    .NET Framework 3.5, 4.7.2 Catalog 5020627
    .NET Framework 3.5, 4.8 Catalog 5020615
    Windows 10 1607 (Anniversary Update) and Windows Server 2016
    .NET Framework 3.5, 4.6.2, 4.7, 4.7.1, 4.7.2 Catalog 5019964
    .NET Framework 4.8 Catalog 5020614
    Windows 10 1507
    .NET Framework 3.5, 4.6.2 Catalog 5019970

    The following table is for earlier Windows and Windows Server versions.

    Product Version Security and Quality Rollup Security Only Update
    Windows 8.1, Windows RT 8.1 and Windows Server 2012 R2 5020690 5020680
    .NET Framework 3.5 Catalog 5016268 N/A
    .NET Framework 4.6.2, 4.7, 4.7.1, 4.7.2 Catalog 5020629 Catalog 5020611
    .NET Framework 4.8 Catalog 5020620 Catalog 5020608
    Windows Server 2012 5020689 5020679
    .NET Framework 3.5 Catalog 5013635 N/A
    .NET Framework 4.6.2, 4.7, 4.7.1, 4.7.2 Catalog 5020628 Catalog 5020610
    .NET Framework 4.8 Catalog 5020618 Catalog 5020606
    Windows 7 SP1 and Windows Server 2008 R2 SP1 5020688 5020678
    .NET Framework 3.5.1 Catalog 5013637 N/A
    .NET Framework 4.6.2, 4.7, 4.7.1, 4.7.2 Catalog 5020630 Catalog 5020612
    .NET Framework 4.8 Catalog 5020621 Catalog 5020609
    Windows Server 2008 SP2 5020691 5020681
    .NET Framework 2.0, 3.0 Catalog 5013636 N/A
    .NET Framework 4.6.2 Catalog 5020630 Catalog 5020612

    Previous Monthly Rollups

    The last few .NET Framework Monthly updates are listed below for your convenience: