.NET Framework June 2021 Security and Quality Rollup Updates

Tara

Today, we are releasing the June 2021 Security and Quality Rollup Updates for .NET Framework.

Security

The June Security and Quality Rollup Update does not contain any new security fixes. See February 2021 Security and Quality Rollup for the latest security updates.

Quality and Reliability

This release contains the following quality and reliability improvements.

CLR1
  • Addresses a performance issue caused by incorrect configuration in the GC.
  • Addresses an issue where a background GC could pause the runtime for a long period of time if a large managed heap is filled with long lived objects with a deep chain of references.
  • Addresses an issue where crashes could occur if security stackwalks were generated during ThreadAbortException handling.
NCL2
  • .NET Framework 4.8 will now allow to negotiate TLS 1.3 if underlying OS supports it.
WPF3
  • Addresses an issue when rapid typing using an IME can crash via FailFast.
  • Addresses an issue where Thaana characters displayed in left-to-right order.
  • Addresses a crash when WebBrowser receives a completion event for a navigation it tried to cancel.


1 Common Language Runtime (CLR)
2 Network Class Library (NCL)
3 Windows Presentation Foundation (WPF)

Getting the Update

The Security and Quality Rollup is available via Windows Update, Windows Server Update Services, and Microsoft Update Catalog.

Microsoft Update Catalog

You can get the update via the Microsoft Update Catalog.

**Note**: Customers that rely on Windows Update and Windows Server Update Services will automatically receive the .NET Framework version-specific updates. Advanced system administrators can also take use of the below direct Microsoft Update Catalog download links to .NET Framework-specific updates. Before applying these updates, please ensure that you carefully review the .NET Framework version applicability, to ensure that you only install updates on systems where they apply.

The following table is for Windows 10 and Windows Server 2016+ versions.

Product Version Cumulative Update
Windows 10 version 21H1
.NET Framework 3.5, 4.8 Catalog 5003254
Windows 10, version 20H2 and Windows Server, version 20H2
.NET Framework 3.5, 4.8 Catalog 5003254
Windows 10 version 2004 and Windows Server, version 2004
.NET Framework 3.5, 4.8 Catalog 5003254
Windows 10 version 1909
.NET Framework 3.5, 4.8 Catalog 5003256
Windows 10 version 1809 (October 2018 Update) and Windows Server 2019 5003778
.NET Framework 3.5, 4.7.2 Catalog 5003258
.NET Framework 3.5, 4.8 Catalog 5003255
Windows 10 version 1607 (Anniversary Update) and Windows Server 2016
.NET Framework 3.5, 4.6.2, 4.7, 4.7.1, 4.7.2 Catalog 5003638
.NET Framework 4.8 Catalog 5003542

The following table is for earlier Windows and Windows Server versions.

Product Version Security and Quality Rollup
Windows 8.1, Windows RT 8.1 and Windows Server 2012 R2 5003781
.NET Framework 3.5 Catalog 4578953
.NET Framework 4.5.2 Catalog 4578956
.NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 Catalog 5003549
.NET Framework 4.8 Catalog 5003545
Windows Server 2012 5003780
.NET Framework 3.5 Catalog 4578950
.NET Framework 4.5.2 Catalog 4578954
.NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 Catalog 5003548
.NET Framework 4.8 Catalog 5003544
Windows 7 SP1 and Windows Server 2008 R2 SP1 5003779
.NET Framework 3.5.1 Catalog 4578952
.NET Framework 4.5.2 Catalog 4578955
.NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 Catalog 5003547
.NET Framework 4.8 Catalog 5003543
Windows Server 2008 5003782
.NET Framework 2.0, 3.0 Catalog 4578951
.NET Framework 4.5.2 Catalog 4578955
.NET Framework 4.6 Catalog 5003547

 

Previous Monthly Rollups

The last few .NET Framework Monthly updates are listed below for your convenience:

13 comments

Comments are closed. Login to edit/delete your existing comments

  • Alfred Ardito

    Does this update supersede KB4601051 (February update)? I noticed after installing this months update, that in the registry and cbs.log, the February update is marked as superseded. But when looking at the catalog online it doesn’t mention that.

    • Tara OverfieldMicrosoft employee

      Installing the June Security and Quality rollup from Windows Update will supersede previous releases, including the February Security and Quality rollup. If you install updates from WSUS or Catalog the June Security and Quality rollup will not supersede the February Security and Quality rollup. This supersedence strategy allows Windows Update to offer only the latest update and allows WSUS and Catalog customers to choose the latest security release or the latest release when there is no new security improvements.

      • logie loge

        Hi Tara,

        Historically, my organisation has deployed packages containing multiple .NET security updates that have been downloaded from the update catalog, including the latest rollup at the time.

        However, my understanding is that the latest rollup is cumulative and includes all previous security fixes therefore, if I have a fresh install of .NET, I shouldn’t need to install any .NET security updates besides the most recent rollup. As things stand currently, this would be the June security rollup which contains all previous security updates (the latest being from Feb ‘21). I’d like to confirm that I have got this correct.

        I did ask a question on the Microsoft Help forum to confirm whether my understanding is correct but I didn’t get a definite response and there were suggestions of installing earlier updates as well as the latest roll up. Please could you advise if I am correct in my understanding?

        For info, my Help forum post is here.

        Many thanks.

        • Tara OverfieldMicrosoft employee

          Hi Logie,
          You are correct in your understanding. The latest rollup is cumulative and includes all previous security fixes. If you have a fresh install of .NET, then install the latest rollup update you will be up-to-date. Currently, the latest update is the June Security and Quality Rollup (which does contain the latest security fixes from Feb ’21).

  • Felipe Pessoto

    Tara, how can I know if I’m affected by this issues: “Addresses an issue where a background GC could pause the runtime for a long period of time if a large managed heap is filled with long lived objects with a deep chain of references.”?

    Thanks

    • Ian Yates

      Agree. Good question. Is there any information about these circumstances so we can determine if this change may help? Even if not, such details are always good to read. Would you be able to point us to a blog post, or a similar fix that may have landed in .net core?

      Also, do we need to opt in to tls 1.3 at all? What setting might govern the opt-in, or opt-out of this change? I just had to set an enum flags value earlier this week to opt-in to tls 1.2 to get a particular web service working so I’m very curious to know if I could extend this enum flags further, or if I don’t need to touch it.

      Thanks

    • Tara OverfieldMicrosoft employee

      When this uncommon issue is experienced you may use a profiler (e.g. PerfView) to determine whether or not you are affected by the underlying issue. In particular, you should see: 1) A long GC pause, 2) That long GC pause is associated with a background GC and 3) observe some ETW events of this type (Microsoft-Windows-DotNETRuntimePrivate/GC/BGCOverflow) emitted from the runtime.