.NET Framework February 2020 Security and Quality Rollup

Tara Overfield

Today, we are releasing the February 2020 Security and Quality Rollup Updates for .NET Framework.

Security

The February Security and Quality Rollup Update does not contain any new security fixes. See January 2020 Security and Quality Rollup for the latest security updates.

Quality and Reliability

This release contains the following quality and reliability improvements. Some improvements included in the Security and Quality Rollup and were previously released in the Security and Quality Rollup that was dated January 23, 2020.

Acquistion & Deployment

  • Addresses an issue where the installation of .NET 4.8 on Windows machines prior to 1809 build prevents .NET-specific settings to be migrated during Windows upgrade to build 1809. Note: to prevent this issue, this update must be applied before the upgrade to a newer version of Windows.

CLR1

  • A change in .NET Framework 4.8 regressed certain EnterpriseServices scenarios where an single-thread apartment object may be treated as an multi-thread apartment and lead to a blocking failure. This change now correctly identifies single-thread apartment objects as such and avoids this failure.
  • There is a race condition in the portable PDB metadata provider cache that leaked providers and caused crashes in the diagnostic StackTrace API. To fix the race, detect the cause where the provider wasn’t being disposed and dispose it.
  • Addresses an issue when in Server GC, if you are truly out of memory when doing SOH allocations (ie, there has been a full blocking GC and still no space to accommodate your SOH allocation), you will see full blocking GCs getting triggered over and over again with the trigger reason OutOfSpaceSOH. This fix is to throw OOM when we have detected this situation instead of triggering GCs in a loop.
  • Addresses an issue caused by changing process affinity from 1 to N cores.

Net Libraries

  • Strengthens UdpClient against incorrect usage in network configurations with an exceptionally large MTU.

SQL

  • Addresses an issue with SqlClient Bid traces where information wasn’t being printed due to incorrectly formatted strings.

WCF2

  • There’s a race condition when listening paths are being closed down because of an IIS worker process crash and the same endpoints being reconfigured as listening but pending activation. When a conflict is found, this change allows for retrying with the assumption the conflict was transient due to this race condition. The retry count and wait duration are configurable via app settings.​
  • Added opt-in retry mechanism when configuring listening endpoints on the WCF Activation service to address potential race condition when rapidly restarting an IIS application multiple times while under high CPU load which resulted in an endpoint being inaccessible. Customers can opt in to the fix by adding the following AppSetting to SMSvcHost.exe.config under the %windir%\Microsoft.NET\Framework\v4.0.30319 and %windir%\Microsoft.NET\Framework64\v4.0.30319 folders as appropriate. This will retry registering an endpoint 10 times with a 1 second delay between each attempt before placing the endpoint in a failure state.       <appsettings>       <add key=”wcf:SMSvcHost:listenerRegistrationRetryCount” value=”10″>       <add key=”wcf:SMSvcHost:listenerRegistrationRetryDelayms” value=”1000″>       </add></appsettings>

Windows Forms

  • Addresses an issue in System.Windows.Forms.TextBox controls with ImeMode property set to NoControl. These controls now retain IME setting consistent with the OS setting regardles of the order of navigation on the page. Fix applies to CHS with pinyin keyboard.
  • Addresses an issue with System.Windows.Forms.ComboBox control with ImeMode set to ImeMode.NoControl on CHS with Pinyin keyboard to retain input mode of the parent container control instead of switching to disabled IME when navigating using mouse clicks and when focus moves from a control with disabled IME to this ComboBox control.
  • An accessibility change in .NET Framework 4.8 regressed editing IP address UI in the DataGridView in Create Cluster Wizard in Failover Cluster Services: users can’t enter the IP value after control UIA tree restructuring related to editing control movement to another editing cell. Such custom DataGridView cells (IP address cell) and their inner controls are currently not processed in default UIA tree restructuring to prevent this issue.

WPF3

  • Addresses an issue where under some circumstances, Popup’s in high-DPI WPF applications are not shown, are shown at the top-left corner of the screen, or are shown/rendered incompletely.
  • Addresses an issue when creating an XPS document in WPF, font subsetting may result in a FileFormatException of the process of subsetting would grow the font.
  • Addresses incorrect width of the text-insertion caret in TextBox et al., when the system DPI exceeds 96. In particular, the caret rendered nothing on a monitor with lower DPI than the primary, in some DPI-aware situations.
  • Addresses a hang arising during layout of Grids with columns belonging to a SharedSizeGroup.
  • Addresses a hang and eventual StackOverflowException arising when opening a RibbonSplitButton, if the app programmatically disables the button and replaces its menu items before the user releases the mouse button.
  • Addresses certain hangs that can arise while scrolling a TreeView.

1 Common Language Runtime (CLR)
2 Windows Communication Foundation (WCF) 3 Windows Presentation Foundation (WPF)

Getting the Update

The Security and Quality Rollup is available via Windows Update, Windows Server Update Services, and Microsoft Update Catalog.

Microsoft Update Catalog

You can get the update via the Microsoft Update Catalog. For Windows 10, NET Framework 4.8 updates are available via Windows Update, Windows Server Update Services, Microsoft Update Catalog. Updates for other versions of .NET Framework are part of the Windows 10 Monthly Cumulative Update.

Note: Customers that rely on Windows Update and Windows Server Update Services will automatically receive the .NET Framework version-specific updates. Advanced system administrators can also take use of the below direct Microsoft Update Catalog download links to .NET Framework-specific updates. Before applying these updates, please ensure that you carefully review the .NET Framework version applicability, to ensure that you only install updates on systems where they apply.

The following table is for Windows 10 and Windows Server 2016+ versions.

Product Version Cumulative Update
Windows 10 1909 and Windows Server, version 1909
.NET Framework 3.5, 4.8 Catalog 4534132
Windows 10 1903 and Windows Server, version 1903
.NET Framework 3.5, 4.8 Catalog 4534132
Windows 10 1809 (October 2018 Update) and Windows Server 2019 4538122
.NET Framework 3.5, 4.7.2 Catalog 4534119
.NET Framework 3.5, 4.8 Catalog 4534131
Windows 10 1803 (April 2018 Update)
.NET Framework 3.5, 4.7.2 Catalog 4537762
.NET Framework 4.8 Catalog 4534130
Windows 10 1709 (Fall Creators Update)
.NET Framework 3.5, 4.7.1, 4.7.2 Catalog 4537789
.NET Framework 4.8 Catalog 4534129
Windows 10 1703 (Creators Update)
.NET Framework 3.5, 4.7, 4.7.1, 4.7.2 Catalog 4537765
.NET Framework 4.8 Catalog 4537557
Windows 10 1607 (Anniversary Update) and Windows Server 2016
.NET Framework 3.5, 4.6.2, 4.7, 4.7.1, 4.7.2 Catalog 4537764
.NET Framework 4.8 Catalog 4534126
Windows 10 1507
.NET Framework 3.5, 4.6, 4.6.1, 4.6.2 Catalog 4537776

The following table is for earlier Windows and Windows Server versions.

Product Version Security and Quality Rollup
Windows 8.1, Windows RT 8.1 and Windows Server 2012 R2 4538124
.NET Framework 3.5 Catalog 4532946
.NET Framework 4.5.2 Catalog 4534120
.NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 Catalog 4534117
.NET Framework 4.8 Catalog 4534134
Windows Server 2012 4538123
.NET Framework 3.5 Catalog 4532943
.NET Framework 4.5.2 Catalog 4534121
.NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 Catalog 4534116
.NET Framework 4.8 Catalog 4534133

Previous Monthly Rollups

The last few .NET Framework Monthly updates are listed below for your convenience:

3 comments

Discussion is closed. Login to edit/delete existing comments.

  • SuperCocoLoco . 0

    No .NET framework updates for Windows 7 and Windows 10 is an ugly (very ugly) mobile OS unuseable on a desktop computer. I prefer an unsupported Windows 7 than a bad supported Windows 10 (Mobile Only, Cloud Only, Touch Only and local On-Premises Desktop never again).

  • Krejčí Pavel 0

    Hi,

    Are from now on for Windows 7SP1 ESU .NET 4.8 updates part of Security-only update or Monthly Rollup one? Or there is another way?

    Reg., Paul

    • Terence Teng 0

      Same question. @Tara

Feedback usabilla icon