.NET Framework July 2021 Security and Quality Rollup

Tara

Yesterday, we released the July 2021 Security and Quality Rollup Updates for .NET Framework.

Security

The June Security and Quality Rollup Update does not contain any new security fixes. See February 2021 Security and Quality Rollup for the latest security updates.

Quality and Reliability

This release contains the following quality and reliability improvements.

ClickOnce
  • Addresses a regression introduced in previous updates. We now honor WinTrust policy setting “Ignore timestamp revocation checks” setting when validating timestamps in ClickOnce manifests.
CLR1
  • When the process is not under high memory pressure it tends to favor doing BGCs over doing full compacting GCs. This is usually desirable but if the app behavior changes dramatically, it could cause much of the fragmentation in older generations (ie, gen2 and LOH) to be unused. You can collect GC ETW events which tell you how much fragmentation there is in gen2 and LOH and verify if you are in this situation.
Windows Forms
  • Addresses an issue in Property Grid control to prevent incorrect data read in some scenarios in 64 bit processes.
  • Addresses an issue where System.Drawing double frees allocated memory when failing to get printer settings.
WPF2
  • Addresses an issue affecting a DataGrid contained in an outer ScrollViewer.
  • Addresses a crash due to ElementNotAvailableException in a ListView with custom data-item automation peers.

1 Common Language Runtime (CLR) 2 Windows Presentation Foundation (WPF)

Getting the Update

The Security and Quality Rollup is available via Windows Update, Windows Server Update Services, and Microsoft Update Catalog.

Microsoft Update Catalog

You can get the update via the Microsoft Update Catalog. For Windows 10, NET Framework 4.8 updates are available via Windows Update, Windows Server Update Services, Microsoft Update Catalog. Updates for other versions of .NET Framework are part of the Windows 10 Monthly Cumulative Update.

**Note**: Customers that rely on Windows Update and Windows Server Update Services will automatically receive the .NET Framework version-specific updates. Advanced system administrators can also take use of the below direct Microsoft Update Catalog download links to .NET Framework-specific updates. Before applying these updates, please ensure that you carefully review the .NET Framework version applicability, to ensure that you only install updates on systems where they apply.

The following table is for Windows 10 and Windows Server 2016+ versions.

Product Version Cumulative Update
Windows 10 21H1
.NET Framework 3.5, 4.8 Catalog 5003537
Windows 10, version 20H2 and Windows Server, version 20H2
.NET Framework 3.5, 4.8 Catalog 5003537
Windows 10 2004 and Windows Server, version 2004
.NET Framework 3.5, 4.8 Catalog 5003537
Windows 10 1909
.NET Framework 3.5, 4.8 Catalog 5003539
Windows 10 1809 (October 2018 Update) and Windows Server 2019 5004228
.NET Framework 3.5, 4.7.2 Catalog 5003541
.NET Framework 3.5, 4.8 Catalog 5003538
Windows 10 1607 (Anniversary Update) and Windows Server 2016
.NET Framework 3.5, 4.6.2, 4.7, 4.7.1, 4.7.2 Catalog 5004238
.NET Framework 4.8 Catalog 5004115

The following table is for earlier Windows and Windows Server versions.

Product Version Security and Quality Rollup
Windows 8.1, Windows RT 8.1 and Windows Server 2012 R2 5004231
.NET Framework 3.5 Catalog 4578953
.NET Framework 4.5.2 Catalog 4578956
.NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 Catalog 5004122
.NET Framework 4.8 Catalog 5004118
Windows Server 2012 5004230
.NET Framework 3.5 Catalog 4578950
.NET Framework 4.5.2 Catalog 4578954
.NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 Catalog 5004121
.NET Framework 4.8 Catalog 5004117
Windows 7 SP1 and Windows Server 2008 R2 SP1 5004229
.NET Framework 3.5.1 Catalog 4578952
.NET Framework 4.5.2 Catalog 4578955
.NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 Catalog 5004120
.NET Framework 4.8 Catalog 5004116
Windows Server 2008 5004232
.NET Framework 2.0, 3.0 Catalog 4578951
.NET Framework 4.5.2 Catalog 4578955
.NET Framework 4.6, 4.6.2 Catalog 5004120

 

Previous Monthly Rollups

The last few .NET Framework Monthly updates are listed below for your convenience:

2 comments

Comments are closed. Login to edit/delete your existing comments

  • Tim Romano

    It’s August 2021, and we have legacy mission-critical LOB Winforms applications. We deploy these apps with Visual Studio publish wizard to a file share on an intranet server as “available online only”. When I go to install a program published in that manner, the new Chromium version of Edge is treating the “setup.exe” as a normal download, intercepting it rather than executing it. Our networking team has enabled ClickOnce for Edge in ActiveDirectory group policy but that did not fix the issue, so I suppose they must also make some changes to the SmartScreen policy settings for Edge in ActiveDirectory and possibly some others. Is there Microsoft documentation that addresses these Edge security policy settings and ClickOnce interoperability, for .NET versions that predate .NET 5?

    • Tara OverfieldMicrosoft employee

      Hi Tim,

      Thanks for reporting this issue, however, this release did not make any changes to Windows Forms or ClickOnce which may have caused the issues you describe. The .EXE installer behavior is common for any other file but not just ClickOnce. Files which are *.EXE are always downloaded first, only *.application is supposed to install directly – this is what we expect to execute directly instead of downloading. If .Application is not launching directly, we may refer it to Edge changes that might have caused it, given they enabled ClickOnce for edge.