.NET Framework August 2020 Security and Quality Rollup Updates

Tara Overfield


Today, we are releasing the August 2020 Security and Quality Rollup Updates for .NET Framework.

Security

CVE-2020-1476 – .NET Framework Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when ASP.NET or .NET Framework web applications running on IIS improperly allow access to cached files. An attacker who successfully exploited this vulnerability could gain access to restricted files. To exploit this vulnerability, an attacker would need to send a specially crafted request to an affected server. The update addresses the vulnerability by changing how ASP.NET and .NET Framework handle requests.

To learn more about the vulnerabilities, go to the following Common Vulnerabilities and Exposures (CVE).

CVE-2020-1476

A remote code execution vulnerability exists when Microsoft .NET Framework processes input. An attacker who successfully exploited this vulnerability could take control of an affected system. To exploit the vulnerability, an attacker would need to be able to upload a specially crafted file to a web application. The security update addresses the vulnerability by correcting how .NET Framework processes input.

For more information go to: ControlBuilderInterceptor class

To learn more about the vulnerabilities, go to the following Common Vulnerabilities and Exposures (CVE).

CVE-2020-1046

Quality and Reliability

This release contains the following quality and reliability improvements.

ASP.NET

– Use FIPS-compliant hashes in ASP.NET telemetry data.

– Addresses an issue where “Unspecified” was not an allowed value in config for the ‘cookieSameSite’ attribute of the forms authentication and session state configuration sections.

CLR¹

– A change in .NET Framework 4.8 regressed certain EnterpriseServices scenarios where a single-thread apartment object may be treated as a multi-thread apartment object and lead to a blocking failure. This change now correctly identifies single-thread apartment objects as such and avoids this failure.

– Addresses an issue in assemblies with IBC profile data causing Ngen worker processes to crash and fall back to full native images.

– Addresses rare crashes that could occur during thread abort delivery.

SQL

– SqlBulkCopy.WriteToServer can cause transactions to in-memory SQL tables to fail. The client may see an exception with the message “Execution Timeout Expired. The timeout period elapsed prior to completion of the operation or the server is not responding.” SqlBulkCopy.WriteToServer was sending an Attention token (cancellation message) after sending data to SQL Server, causing the server to abort the transaction for in-memory tables.

Net Libraries

– Addresses a memory leak in HttpListener.

Winforms

– Addresses an issue with the DataGridView IsReadOnly accessibility state: Narrator and other accessible tools now announce read-only cell status accordingly.

– Addresses a regression in .NET Framework 4.8 where applications that use the DataGridView ComboBox cell type and have opted into Level 3 Accessibility may experience intermittent crashes while editing the cell.

– Addresses an issue in ClickOnce RFC3161 timestamp verification code.

WCF²

– When a UPN Windows username in a format similar to username@dns.domain was supplied in the username property of a NetworkCredential with NetTcpBinding or NetNamedPipeBinding, WCF would incorrectly split the username and dns.domain, placing them into the UserName and Domain properties. This is invalid in some scenarios and would result in a failure to authenticate. This fix removes the credential modification when using a UPN username. The modification can be re-enabled by setting the AppSetting “wcf:enableLegacyUpnUsernameFix” to true.

WPF³

– Addresses an issue where, when spell-checking is enabled in a WPF TextBox or RichTextBox, words like “etc.” and “e.g.” are incorrectly identified as spelling errors.

– Addresses an issue where some Per-Monitor Aware WPF applications that run on .NET 4.8 may occasionally encounter a crash with the exception System.ComponentModel.Win32Exception.

– Addresses an issue where TextBlock reflows (makes different line-breaking decisions) during render and hit-test, vs. during measure. The symptoms include missing text, and FailFast crashes during programmatic text processing.

– Addresses an issue with a render thread failure caused by HostVisual disconnecting its target on the wrong thread.

– Addresses an issue with a hang while scrolling a TreeView whose tree is non-uniform, in the sense that a given node’s children govern subtrees whose sizes are quite different.

– Addresses an issue with a crash that can occur when closing a tooltip that is re-entrantly closed by user code.

– When an HwndHost leaves the visual tree, a stack trace is created. This is expensive, and usually unnecessary. The logic is now changed to create the stack trace only when the anomalous condition occurs.

– Addresses a memory leak in System.Speech.SpeechSynthesizer.

– DataGrid’s Copy command throws an exception if the system clipboard is locked by another process. This crashes, as there is usually no app code on the stack to catch the exception. The behavior of TextBox (and other apps like Notepad, Word, browsers) in this situation is to fail silently – nothing is copied to the clipboard, but no exception. A WPF app can now opt in to this behavior by setting in its app.config file.

– Addresses an issue in constructing the internal model for a FixedPage document. Some text was appearing in the wrong order for the purposes of editing operations such as selection and copy/paste.

Windows Forms Accessibility Improvements

In this release we are adding new accessibility improvements that your application can opt in to. By default these changes are disabled. Applications that opt in to accessibility features introduced in .NET 4.8 and earlier can add the following compatibility switch to the application’s config file:

“Switch.UseLegacyAccessibilityFeatures.4=false”

Specifically, if an application targets .NET 4.8, add the following AppContextSwitchOverrides section:

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
  <startup>
    <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.8" />
  </startup>
  <runtime>
    <!-- AppContextSwitchOverrides value attribute is in the form of key1=true|false;key2=true|false -->
    <AppContextSwitchOverrides value="Switch.UseLegacyAccessibilityFeatures.4=false" />
  </runtime>
</configuration>

If an application targets an earlier version of the framework and opts in to the previously released sets of accessibility features, then add a single “Switch.UseLegacyAccessibilityFeatures.4=false” switch to the existing AppContextSwitchOverrides section:

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
  <startup>
    <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.7" />
  </startup>
  <runtime>
    <!-- AppContextSwitchOverrides value attribute is in the form of key1=true|false;key2=true|false -->
    <AppContextSwitchOverrides value="Switch.UseLegacyAccessibilityFeatures=false;Switch.UseLegacyAccessibilityFeatures.2=false;Switch.UseLegacyAccessibilityFeatures.3=false;Switch.UseLegacyAccessibilityFeatures.4=false" />
  </runtime>
</configuration>
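
Two settings in this release change runtime behaviour from the config file: the AppContextSwitchOverrides value (entries of the form key=true|false, separated by ';') and the WCF AppSetting “wcf:enableLegacyUpnUsernameFix”. The following is an added example, not code from the original post or from Microsoft: a small Python audit of an app.config that parses the switch list, flags malformed entries, and reports whether the legacy UPN credential splitting has been re-enabled. The function names and sample configs are constructed for illustration, and the AppSetting is assumed to be set through the standard appSettings add key/value form.

```python
import xml.etree.ElementTree as ET

WCF_KEY = "wcf:enableLegacyUpnUsernameFix"           # name taken from the WCF note
A11Y_V4 = "Switch.UseLegacyAccessibilityFeatures.4"  # switch added in this release

def parse_switch_overrides(value):
    """Parse 'key1=true|false;key2=true|false' into ({name: bool}, [problems])."""
    switches, problems = {}, []
    for entry in (e.strip() for e in value.split(";")):
        if not entry:
            continue
        name, sep, raw = entry.partition("=")
        raw = raw.strip().lower()
        if not sep or not name.strip() or raw not in ("true", "false"):
            # Catches entries joined with '|' or ',' instead of ';', and typos.
            problems.append("malformed entry: " + entry)
            continue
        switches[name.strip()] = raw == "true"
    return switches, problems

def audit_config(xml_text):
    """Summarise the compatibility settings described on this page."""
    root = ET.fromstring(xml_text)
    node = root.find("./runtime/AppContextSwitchOverrides")
    value = node.get("value", "") if node is not None else ""
    switches, problems = parse_switch_overrides(value)
    legacy_upn = any(
        add.get("key") == WCF_KEY and add.get("value", "").strip().lower() == "true"
        for add in root.findall("./appSettings/add")
    )
    return {
        "switches": switches,
        "problems": problems,
        "a11y_v4_opt_in": switches.get(A11Y_V4) is False,
        "legacy_upn_split": legacy_upn,  # True = pre-fix credential splitting re-enabled
    }

# Constructed sample configs (not taken from a real application).
GOOD = """<configuration>
  <appSettings><add key="wcf:enableLegacyUpnUsernameFix" value="true" /></appSettings>
  <runtime><AppContextSwitchOverrides
    value="Switch.UseLegacyAccessibilityFeatures.3=false;Switch.UseLegacyAccessibilityFeatures.4=false" /></runtime>
</configuration>"""
BAD = GOOD.replace("=false;Switch", "=false|Switch")  # wrong separator

if __name__ == "__main__":
    for label, cfg in (("good", GOOD), ("bad", BAD)):
        print(label, audit_config(cfg))
```

A config that reports legacy_upn_split as true has opted back into the pre-fix credential handling, which is worth reviewing on services that authenticate with UPN usernames over NetTcpBinding or NetNamedPipeBinding.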

Winforms accessibility improvements included in this release are:

– Addresses an issue with announcing PropertyGrid control items and categories expanded/collapsed state by Screen Readers.

– Updated the accessible patterns of Property Grid control and its inner elements.

– Updated the accessible names of Property Grid control inner elements to correctly announce these by screen reader.

– Addresses bounding rectangle accessible properties for the PropertyGridView controls.

– Enables screen readers to announce DataGridView ComboBox cell expanded/collapsed state correctly.

¹ Common Language Runtime (CLR)
² Windows Communication Foundation (WCF)
³ Windows Presentation Foundation (WPF)


Getting the Update

The Security and Quality Rollup is available via Windows Update, Windows Server Update Services, and Microsoft Update Catalog. The Security Only Update is available via Windows Server Update Services and Microsoft Update Catalog.

Microsoft Update Catalog

You can get the update via the Microsoft Update Catalog. For Windows 10, .NET Framework 4.8 updates are available via Windows Update, Windows Server Update Services, and Microsoft Update Catalog. Updates for other versions of .NET Framework are part of the Windows 10 Monthly Cumulative Update.

**Note**: Customers that rely on Windows Update and Windows Server Update Services will automatically receive the .NET Framework version-specific updates. Advanced system administrators can also make use of the direct Microsoft Update Catalog download links below to .NET Framework-specific updates. Before applying these updates, please carefully review the .NET Framework version applicability, to ensure that you only install updates on systems where they apply.

The following table is for Windows 10 and Windows Server 2016+ versions.

| Product Version | Cumulative Update |
| --- | --- |
| Windows 10 2004 and Windows Server, version 2004 | |
| .NET Framework 3.5, 4.8 | Catalog 4569745 |
| Windows 10 1909 and Windows Server, version 1909 | |
| .NET Framework 3.5, 4.8 | Catalog 4569751 |
| Windows 10 1903 and Windows Server, version 1903 | |
| .NET Framework 3.5, 4.8 | Catalog 4569751 |
| Windows 10 1809 (October 2018 Update) and Windows Server 2019 | 4570505 |
| .NET Framework 3.5, 4.7.2 | Catalog 4569776 |
| .NET Framework 3.5, 4.8 | Catalog 4569750 |
| Windows 10 1803 (April 2018 Update) | |
| .NET Framework 3.5, 4.7.2 | Catalog 4571709 |
| .NET Framework 4.8 | Catalog 4569749 |
| Windows 10 1709 (Fall Creators Update) | |
| .NET Framework 3.5, 4.7.1, 4.7.2 | Catalog 4571741 |
| .NET Framework 4.8 | Catalog 4569748 |
| Windows 10 1703 (Creators Update) | |
| .NET Framework 3.5, 4.7, 4.7.1, 4.7.2 | Catalog 4571689 |
| .NET Framework 4.8 | Catalog 4569747 |
| Windows 10 1607 (Anniversary Update) and Windows Server 2016 | |
| .NET Framework 3.5, 4.6.2, 4.7, 4.7.1, 4.7.2 | Catalog 4571694 |
| .NET Framework 4.8 | Catalog 4569746 |
| Windows 10 1507 | |
| .NET Framework 3.5, 4.6, 4.6.1, 4.6.2 | Catalog 4571692 |

 

The following table is for earlier Windows and Windows Server versions.

| Product Version | Security and Quality Rollup | Security Only Update |
| --- | --- | --- |
| Windows 8.1, Windows RT 8.1 and Windows Server 2012 R2 | 4570508 | 4570502 |
| .NET Framework 3.5 | Catalog 4569768 | Catalog 4569737 |
| .NET Framework 4.5.2 | Catalog 4569778 | Catalog 4569741 |
| .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 | Catalog 4569774 | Catalog 4569739 |
| .NET Framework 4.8 | Catalog 4569753 | Catalog 4569732 |
| Windows Server 2012 | 4570507 | 4570501 |
| .NET Framework 3.5 | Catalog 4569765 | Catalog 4569734 |
| .NET Framework 4.5.2 | Catalog 4569779 | Catalog 4569742 |
| .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 | Catalog 4569773 | Catalog 4569738 |
| .NET Framework 4.8 | Catalog 4569752 | Catalog 4569731 |
| Windows 7 SP1 and Windows Server 2008 R2 SP1 | 4570506 | 4570500 |
| .NET Framework 3.5.1 | Catalog 4569767 | Catalog 4569736 |
| .NET Framework 4.5.2 | Catalog 4569780 | Catalog 4569743 |
| .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 | Catalog 4569775 | Catalog 4569740 |
| .NET Framework 4.8 | Catalog 4569754 | Catalog 4569733 |
| Windows Server 2008 | 4570509 | 4570503 |
| .NET Framework 2.0, 3.0 | Catalog 4569766 | Catalog 4569735 |
| .NET Framework 4.5.2 | Catalog 4569780 | Catalog 4569743 |
| .NET Framework 4.6 | Catalog 4569775 | Catalog 4569740 |

 

Previous Monthly Rollups

The last few .NET Framework Monthly updates are listed below for your convenience:

– July 2020 Cumulative Update Preview for Windows 10, version 2004

– July 2020 Cumulative Update Preview

– July 2020 Security and Quality Rollup Updates

– May 2020 Security and Quality Rollup Updates

1 comment

    Ismail Demir

    Hello Tara,

    please forward this to Windows 7 Team.

    The update kb4040980 (kb4041083 and kb4049016) should be merged with kb4569767 while replaced.

    Same with the 3 updates:
    kb2931356
    kb2894844
    kb2836943-v2

    Those 2 updates should be merged too:
    kb2789645
    kb3023215

    All those updates should not be available in Windows Update while Rollup Update is installed or integrated!

    Edit: It would be nice if all .NET updates were merged into the rollup update.

    Thank you!