.NET Framework September 2020 Security and Quality Rollup Updates

Tara Overfield

Tara

Revised 4/15/2021: On April 13th, 2021, this update was released to replace a previous release of this some updates. See known issues section for more details. If you’ve already installed a previous release of an affected update, no action is required.

Today, we are releasing the September 2020 Security and Quality Rollup Updates for .NET Framework.

Security

ClickOnce will no longer download applications from untrusted servers which use NTLM authentication, but, instead, will fail with “Authentication failed”. Sites in the Local Intranet and Trusted sites zones will continue to authenticate as before.

Quality and Reliability

This release contains the following quality and reliability improvements.

CLR1
  • Addresses an issue in some 32 bit apps where, in certain scenarios, the JIT might omit a function call
  • Improved support for cleaning up private temporary certificate keys
WPF2
  • Addresses an issue with a null-reference crash in automation code, arising from re-entrancy when reconnection to a remote desktop

1 Common Language Runtime (CLR) 2 Windows Presentation Foundation (WPF)

Known issues in this security update

Symptom Customers using Windows 7 SP1, Windows Server 2008 R2 SP1 or Windows Server 2008, this update does not install, and it returns either or both of the following error messages:

  • -2146762495
  • A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
Workaround

This issue was corrected by the latest release of this update. If you’ve already installed a previous release of this update, no action is required.

Getting the Update

The Security and Quality Rollup is available via Windows Update, Windows Server Update Services, and Microsoft Update Catalog. The Security Only Update is available via Windows Server Update Services and Microsoft Update Catalog.

Microsoft Update Catalog

You can get the update via the Microsoft Update Catalog. For Windows 10, NET Framework 4.8 updates are available via Windows Update, Windows Server Update Services, Microsoft Update Catalog. Updates for other versions of .NET Framework are part of the Windows 10 Monthly Cumulative Update.

**Note**: Customers that rely on Windows Update and Windows Server Update Services will automatically receive the .NET Framework version-specific updates. Advanced system administrators can also take use of the below direct Microsoft Update Catalog download links to .NET Framework-specific updates. Before applying these updates, please ensure that you carefully review the .NET Framework version applicability, to ensure that you only install updates on systems where they apply.

The following table is for Windows 10 and Windows Server 2016+ versions.

Product Version Cumulative Update
Windows 10 Version Next and Windows Server, Version Next
.NET Framework 3.5, 4.8 Catalog 4576477
Windows 10 2004 and Windows Server, version 2004
.NET Framework 3.5, 4.8 Catalog 4576478
Windows 10 1909 and Windows Server, version 1909
.NET Framework 3.5, 4.8 Catalog 4576484
Windows 10 1903 and Windows Server, version 1903
.NET Framework 3.5, 4.8 Catalog 4576484
Windows 10 1809 (October 2018 Update) and Windows Server 2019 4576627
.NET Framework 3.5, 4.7.2 Catalog 4570720
.NET Framework 3.5, 4.8 Catalog 4576483
Windows 10 1803 (April 2018 Update)
.NET Framework 3.5, 4.7.2 Catalog 4577032
.NET Framework 4.8 Catalog 4576482
Windows 10 1709 (Fall Creators Update)
.NET Framework 3.5, 4.7.1, 4.7.2 Catalog 4577041
.NET Framework 4.8 Catalog 4576481
Windows 10 1703 (Creators Update)
.NET Framework 3.5, 4.7, 4.7.1, 4.7.2 Catalog 4577021
.NET Framework 4.8 Catalog 4576480
Windows 10 1607 (Anniversary Update) and Windows Server 2016
.NET Framework 3.5, 4.6.2, 4.7, 4.7.1, 4.7.2 Catalog 4577015
.NET Framework 4.8 Catalog 4576479
Windows 10 1507
.NET Framework 3.5, 4.6, 4.6.1, 4.6.2 Catalog 4577049

 

The following table is for earlier Windows and Windows Server versions.

Product Version Security and Quality Rollup Security Only Update
Windows 8.1, Windows RT 8.1 and Windows Server 2012 R2 4576630
.NET Framework 3.5 Catalog 4569768 N/A N/A
.NET Framework 4.5.2 Catalog 4569778 N/A N/A
.NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 Catalog 4576614 N/A N/A
.NET Framework 4.8 Catalog 4576486 Catalog 4576489
Windows Server 2012 4576629
.NET Framework 3.5 Catalog 4569765 N/A N/A
.NET Framework 4.5.2 Catalog 4569779 N/A N/A
.NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 Catalog 4576613 N/A N/A
.NET Framework 4.8 Catalog 4576485 Catalog 4576488
Windows 7 SP1 and Windows Server 2008 R2 SP1 4576628
.NET Framework 3.5.1 Catalog 4569767 N/A N/A
.NET Framework 4.5.2 Catalog 4569780 N/A N/A
.NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 Catalog 4576612 N/A N/A
.NET Framework 4.8 Catalog 4576487 Catalog 4576490
Windows Server 2008 4576631
.NET Framework 2.0, 3.0 Catalog 4569766 N/A N/A
.NET Framework 4.5.2 Catalog 4569780 N/A N/A
.NET Framework 4.6 Catalog 4576612 N/A N/A

 

Previous Monthly Rollups

The last few .NET Framework Monthly updates are listed below for your convenience:

10 comments

Comments are closed. Login to edit/delete your existing comments

  • Avatar
    Ismail Demir

    Hello Tara,

    please release only two version of the NetFx Updates for Windows7 SP1.
    One for pre ESU and one for post ESU.

    Please also cumulate all the monthly NetFx Updates and mark it as replaced/superseded.

    Thank you!

    • Avatar
      Ismail Demir

      In case of KB4569767, the support page has a note that the update KB4569767 replace the update 4566517 but the catalog page doesn’t.

      See links above

      • Tara Overfield
        Tara OverfieldMicrosoft employee

        Currently, the .NET team calculates supersedence at the parent KB level – not the child KB level. If you search for the parent KB on catalog, for example KB4576628, then the supersedence is listed. We will consider also adding supersedence at the individual/child patch level.

        • Avatar
          Ismail Demir

          Hello Tara,

          note, on fresh installation of w7sp1 (net3.5) following updates appears on windows update:

          • kb4041083 (child kb4040980; dated 09/2017)
          • kb4049016 (child kb4040980; dated 11/2017)

          and

          • kb4535102 (child kb4532945; dated 01/2020)

          -> kb4535102 replaces kb4040980, in fact kb4041083 and kb4049016!

    • Avatar
      Ismail Demir

      … to bring it up (again)

      kb2931356 with kb2836943-v2 and kb2894844 should be merged into kb4569767 (monthly)

      kb3023215 and kb2789645 should be merged into/with kb4569767 (monthly)

      kb4040980 should be merged into/with kb4569767 (monthly)

      All files are fragmented and should be merged together!

      Btw. The Windows7 monthly update (kb4577051) has not merged all files from prior monthly kb4571729! Looks like IE update reverted or not included!

        • Avatar
          Ismail Demir

          Hello Tara,

          thank you for the reply!

          You could go forward with the parent supersedence but keep in mind that there also fragmented updates exists and should be sorted out.
          Then the supersedence updates appears on windows update.

          Thank you again

  • Avatar
    Jason Baginski

    Slight oddity. Did anything change with how AppPools are handled? We had some complaints this morning about some issues with one particular site. This particular project has two AppPools, one is an admin site the other is the actual user site. The complaints were described as “going in and out” and occasional “request too large” errors. When loading up IIS to see if any configuration values had changed, we noticed that the AdminAppPool had 2 applications listed while the UserAppPool had 0. We double checked the site configuration and each site had the proper AppPool listed. The only thing slightly abnormal about these AppPools compared to the rest is the names had dashes in them(as per the company name). After renaming them to no longer have dashes, they each show the proper number of applications(1 and 1). After the rename, there also haven’t been any further issues reported. I’m mostly posting this here as a reference in case someone else is having some odd behavior after applying this update so they have one more thing to check.