October 11th, 2022

.NET Framework October 2022 Security and Quality Rollup

Today, we are releasing the October 2022 Security and Quality Rollup Updates for .NET Framework.

Security

For Windows 11, version 22H2 and Microsoft server operating system, version 22H2 the October Security and Quality Rollup Update is cumulative and contains all previously released security improvements. For all other windows versions the October Security and Quality Rollup Update does not contain any new security fixes. See September 2022 Security and Quality Rollup for the latest security updates.

Quality and Reliability

This release contains the following quality and reliability improvements.

WPF1
  • Addresses an issue of WPF apps not working with “Text Cursor Indicator” enabled when using RichTextBox.
  • Addresses an issue to allow users to adjust column width for Datagrid and Gridview controls using keybord.
  • Addresses an issue where opening a tooltip causes an ArgumentOutOfRangeException, when the app has changed the floating-point control word.
  • Addresses an issue where invoking a synchronization Wait on the UI thread can lead to a render-thread failure, due to unexpected re-entrancy.
  • Addresses issues arising in TreeView (or ListBox/DataGrid with grouping enabled) when changing the underlying collection(s) while also collapsing or expanding TreeView nodes. Scrolling actions, especially “short” actions like LineUp or MouseWheelUp, can result in poor outcomes: hangs, crashes, unexpected scrolling, gaps in the display, etc.
  • Addresses an issue where DWM failures can cause WPF’s render thread to fail. An app can opt-in to the behavior of ignoring all DwmFlush errors by setting a regkey in HKCU\Software\Microsoft\Avalon.Graphics\IgnoreDwmFlushErrors or HKLM\Software\Microsoft\Avalon.Graphics\IgnoreDwmFlushErrors whose name is the full path to the .exe that wants to opt-in, and whose DWORD value is 1.
Winforms
  • Enabled Narrator to focus on System.Windows.Forms.DataGridView control even if it’s empty.
  • Improved keyboard navigation in ToolStrip ComboBox and TextBox items.
  • Improved color contrast in System.Windows.Forms.DataGridView control’s link cells.
Workflow
  • Addresses an issue when users interact with the Workflow Designer, they might encounter incorrectly disabled context menu items when right clicking on a variable in the component variables list.
.NET Runtime
  • Adjusted GC Heap Hard Limit configuration, as well as processor interpretation for .NET Framework container scenarios.
  • Improved reliability of managed debugging on arm64.
  • Improved security of code identified by internal compliance scans.
  • Improved deterministic output capability in ilasm.exe.
Networking
  • Addresses an issue when Ssl negotiation can hang indefinitely when client certificates are used when TLS 1.3 is negotiated. Before the change renegotiation (PostHandshakeAuthentiction) would fail and SslStream or HttpWebRequest would observe timeout. Possible workaround is disabling TLS 1.3 either via Switch.System.Net.DontEnableTls13 AppContext or via OS registry.

1 Windows Presentation Foundation (WPF)

Getting the Update

The Security and Quality Rollup is available via Windows Update, Windows Server Update Services, and Microsoft Update Catalog.

Note: Customers that rely on Windows Update and Windows Server Update Services will automatically receive the .NET Framework version-specific updates. Advanced system administrators can also take use of the below direct Microsoft Update Catalog download links to .NET Framework-specific updates. Before applying these updates, please ensure that you carefully review the .NET Framework version applicability, to ensure that you only install updates on systems where they apply.

The following table is for Windows 10, version 1607 and Windows Server 2016 versions and newer operating systems.

Product Version Cumulative Update
Windows 11, version 22H2 5017271
.NET Framework 3.5, 4.8.1 Catalog 5017271
Windows 11, version 21H2 5018546
.NET Framework 3.5, 4.8 Catalog 5017264
.NET Framework 3.5, 4.8.1 Catalog 5017267
Microsoft server operating system, version 22H2 5018541
.NET Framework 3.5, 4.8 Catalog 5017265
Microsoft server operating system version 21H2 5018551
.NET Framework 3.5, 4.8 Catalog 5017265
.NET Framework 3.5, 4.8.1 Catalog 5017268
Windows 10, version 22H2 5017888
.NET Framework 3.5, 4.8 Catalog 5017262
.NET Framework 3.5, 4.8.1 Catalog 5017266
Windows 10, version 21H2 5018545
.NET Framework 3.5, 4.8 Catalog 5017262
.NET Framework 3.5, 4.8.1 Catalog 5017266
Windows 10, version 21H1 5018544
.NET Framework 3.5, 4.8 Catalog 5017262
.NET Framework 3.5, 4.8.1 Catalog 5017266
Windows 10, version 20H2 5018543
.NET Framework 3.5, 4.8 Catalog 5017262
.NET Framework 3.5, 4.8.1 Catalog 5017266
Windows 10, version 1809 (October 2018 Update) and Windows Server 2019 5018542
.NET Framework 3.5, 4.7.2 Catalog 5017270
.NET Framework 3.5, 4.8 Catalog 5017263
Windows 10, version 1607 (Anniversary Update) and Windows Server 2016
.NET Framework 3.5, 4.6.2, 4.7, 4.7.1, 4.7.2 Catalog 5018411
.NET Framework 4.8 Catalog 5018515

The following table is for earlier Windows and Windows Server versions.

Product Version Security and Quality Rollup
Windows 8.1, Windows RT 8.1 and Windows Server 2012 R2 5018549
.NET Framework 3.5 Catalog 5016268
.NET Framework 4.6.2, 4.7, 4.7.1, 4.7.2 Catalog 5018523
.NET Framework 4.8 Catalog 5018519
Windows Server 2012 5018548
.NET Framework 3.5 Catalog 5013635
.NET Framework 4.6.2, 4.7, 4.7.1, 4.7.2 Catalog 5018522
.NET Framework 4.8 Catalog 5018518
Windows 7 SP1 and Windows Server 2008 R2 SP1 5018547
.NET Framework 3.5.1 Catalog 5013637
.NET Framework 4.6.2, 4.7, 4.7.1, 4.7.2 Catalog 5018521
.NET Framework 4.8 Catalog 5018516
Windows Server 2008 SP2 5018550
.NET Framework 2.0, 3.0 Catalog 5013636
.NET Framework 4.6.2 Catalog 5018521

 

Previous Monthly Rollups

The last few .NET Framework Monthly updates are listed below for your convenience:

2 comments

Discussion is closed. Login to edit/delete existing comments.

  • Dhanraj D · Edited

    Hi @salini,

    It has been mentioned that only for Windows 11, version 22H2 and Microsoft server operating system, version 22H2 the February Security and Quality Rollup Update is cumulative and contains all previously released security improvements.

    We would like to know if it has anything to do with February updates and just typo.

    We also see new updates for Windows 10 1607 (Anniversary Update) and Windows Server 2016 ( 5018411 and 5018515) though it has been mentioned "For...

    Read more
    • Salini AgarwalMicrosoft employee Author

      Hi Dhanraj,

      “For all other windows versions The October Security and Quality Rollup Update does not contain any new security fixes” – this means that it does not have any security fixes, but it does contain the quality and reliability fixes and improvements listed.

      Yes, the “February” was typo and fixed.