.NET Framework February 2020 Security and Quality Rollup
Today, we are releasing the February 2020 Security and Quality Rollup Updates for .NET Framework.
The February Security and Quality Rollup Update does not contain any new security fixes. See January 2020 Security and Quality Rollup for the latest security updates.
Quality and Reliability
This release contains the following quality and reliability improvements. Some improvements included in the Security and Quality Rollup and were previously released in the Security and Quality Rollup that was dated January 23, 2020.
Acquistion & Deployment
- Addresses an issue where the installation of .NET 4.8 on Windows machines prior to 1809 build prevents .NET-specific settings to be migrated during Windows upgrade to build 1809. Note: to prevent this issue, this update must be applied before the upgrade to a newer version of Windows.
- A change in .NET Framework 4.8 regressed certain EnterpriseServices scenarios where an single-thread apartment object may be treated as an multi-thread apartment and lead to a blocking failure. This change now correctly identifies single-thread apartment objects as such and avoids this failure.
- There is a race condition in the portable PDB metadata provider cache that leaked providers and caused crashes in the diagnostic StackTrace API. To fix the race, detect the cause where the provider wasn’t being disposed and dispose it.
- Addresses an issue when in Server GC, if you are truly out of memory when doing SOH allocations (ie, there has been a full blocking GC and still no space to accommodate your SOH allocation), you will see full blocking GCs getting triggered over and over again with the trigger reason OutOfSpaceSOH. This fix is to throw OOM when we have detected this situation instead of triggering GCs in a loop.
- Addresses an issue caused by changing process affinity from 1 to N cores.
- Strengthens UdpClient against incorrect usage in network configurations with an exceptionally large MTU.
- Addresses an issue with SqlClient Bid traces where information wasn’t being printed due to incorrectly formatted strings.
- There’s a race condition when listening paths are being closed down because of an IIS worker process crash and the same endpoints being reconfigured as listening but pending activation. When a conflict is found, this change allows for retrying with the assumption the conflict was transient due to this race condition. The retry count and wait duration are configurable via app settings.
- Added opt-in retry mechanism when configuring listening endpoints on the WCF Activation service to address potential race condition when rapidly restarting an IIS application multiple times while under high CPU load which resulted in an endpoint being inaccessible. Customers can opt in to the fix by adding the following AppSetting to SMSvcHost.exe.config under the %windir%\Microsoft.NET\Framework\v4.0.30319 and %windir%\Microsoft.NET\Framework64\v4.0.30319 folders as appropriate. This will retry registering an endpoint 10 times with a 1 second delay between each attempt before placing the endpoint in a failure state. <appsettings> <add key=”wcf:SMSvcHost:listenerRegistrationRetryCount” value=”10″> <add key=”wcf:SMSvcHost:listenerRegistrationRetryDelayms” value=”1000″> </add></appsettings>
- Addresses an issue in System.Windows.Forms.TextBox controls with ImeMode property set to NoControl. These controls now retain IME setting consistent with the OS setting regardles of the order of navigation on the page. Fix applies to CHS with pinyin keyboard.
- Addresses an issue with System.Windows.Forms.ComboBox control with ImeMode set to ImeMode.NoControl on CHS with Pinyin keyboard to retain input mode of the parent container control instead of switching to disabled IME when navigating using mouse clicks and when focus moves from a control with disabled IME to this ComboBox control.
- An accessibility change in .NET Framework 4.8 regressed editing IP address UI in the DataGridView in Create Cluster Wizard in Failover Cluster Services: users can’t enter the IP value after control UIA tree restructuring related to editing control movement to another editing cell. Such custom DataGridView cells (IP address cell) and their inner controls are currently not processed in default UIA tree restructuring to prevent this issue.
- Addresses an issue where under some circumstances, Popup’s in high-DPI WPF applications are not shown, are shown at the top-left corner of the screen, or are shown/rendered incompletely.
- Addresses an issue when creating an XPS document in WPF, font subsetting may result in a FileFormatException of the process of subsetting would grow the font.
- Addresses incorrect width of the text-insertion caret in TextBox et al., when the system DPI exceeds 96. In particular, the caret rendered nothing on a monitor with lower DPI than the primary, in some DPI-aware situations.
- Addresses a hang arising during layout of Grids with columns belonging to a SharedSizeGroup.
- Addresses a hang and eventual StackOverflowException arising when opening a RibbonSplitButton, if the app programmatically disables the button and replaces its menu items before the user releases the mouse button.
- Addresses certain hangs that can arise while scrolling a TreeView.
1 Common Language Runtime (CLR)
2 Windows Communication Foundation (WCF) 3 Windows Presentation Foundation (WPF)
The Security and Quality Rollup is available via Windows Update, Windows Server Update Services, and Microsoft Update Catalog.
You can get the update via the Microsoft Update Catalog. For Windows 10, NET Framework 4.8 updates are available via Windows Update, Windows Server Update Services, Microsoft Update Catalog. Updates for other versions of .NET Framework are part of the Windows 10 Monthly Cumulative Update.
Note: Customers that rely on Windows Update and Windows Server Update Services will automatically receive the .NET Framework version-specific updates. Advanced system administrators can also take use of the below direct Microsoft Update Catalog download links to .NET Framework-specific updates. Before applying these updates, please ensure that you carefully review the .NET Framework version applicability, to ensure that you only install updates on systems where they apply.
The following table is for Windows 10 and Windows Server 2016+ versions.
|Product Version||Cumulative Update|
|Windows 10 1909 and Windows Server, version 1909|
|.NET Framework 3.5, 4.8||Catalog||4534132|
|Windows 10 1903 and Windows Server, version 1903|
|.NET Framework 3.5, 4.8||Catalog||4534132|
|Windows 10 1809 (October 2018 Update) and Windows Server 2019||4538122|
|.NET Framework 3.5, 4.7.2||Catalog||4534119|
|.NET Framework 3.5, 4.8||Catalog||4534131|
|Windows 10 1803 (April 2018 Update)|
|.NET Framework 3.5, 4.7.2||Catalog||4537762|
|.NET Framework 4.8||Catalog||4534130|
|Windows 10 1709 (Fall Creators Update)|
|.NET Framework 3.5, 4.7.1, 4.7.2||Catalog||4537789|
|.NET Framework 4.8||Catalog||4534129|
|Windows 10 1703 (Creators Update)|
|.NET Framework 3.5, 4.7, 4.7.1, 4.7.2||Catalog||4537765|
|.NET Framework 4.8||Catalog||4537557|
|Windows 10 1607 (Anniversary Update) and Windows Server 2016|
|.NET Framework 3.5, 4.6.2, 4.7, 4.7.1, 4.7.2||Catalog||4537764|
|.NET Framework 4.8||Catalog||4534126|
|Windows 10 1507|
|.NET Framework 3.5, 4.6, 4.6.1, 4.6.2||Catalog||4537776|
The following table is for earlier Windows and Windows Server versions.
|Product Version||Security and Quality Rollup|
|Windows 8.1, Windows RT 8.1 and Windows Server 2012 R2||4538124|
|.NET Framework 3.5||Catalog||4532946|
|.NET Framework 4.5.2||Catalog||4534120|
|.NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2||Catalog||4534117|
|.NET Framework 4.8||Catalog||4534134|
|Windows Server 2012||4538123|
|.NET Framework 3.5||Catalog||4532943|
|.NET Framework 4.5.2||Catalog||4534121|
|.NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2||Catalog||4534116|
|.NET Framework 4.8||Catalog||4534133|
Previous Monthly Rollups
The last few .NET Framework Monthly updates are listed below for your convenience:
- January 2020 Preview of Quality Rollup
- January 2020 Security and Quality Rollup
- December 2019 Security and Quality Rollup
- November 2019 Preview of Quality Rollup