.NET Framework September 2020 Security and Quality Rollup Updates
Tara Overfield
Revised 6/8/2021: On June 8th, 2021, this update was released to replace a previous update to address a “revocation server was offline” error that may occur during installation. If you’ve already installed a previous release of this update, no action is required.
Revised 4/15/2021: On April 13th, 2021, this update was released to replace a previous release of this some updates. See known issues section for more details. If you’ve already installed a previous release of an affected update, no action is required.
Today, we are releasing the September 2020 Security and Quality Rollup Updates for .NET Framework.
Security
ClickOnce will no longer download applications from untrusted servers which use NTLM authentication, but, instead, will fail with “Authentication failed”. Sites in the Local Intranet and Trusted sites zones will continue to authenticate as before.
Quality and Reliability
This release contains the following quality and reliability improvements.
CLR1
- Addresses an issue in some 32 bit apps where, in certain scenarios, the JIT might omit a function call
- Improved support for cleaning up private temporary certificate keys
WPF2
- Addresses an issue with a null-reference crash in automation code, arising from re-entrancy when reconnection to a remote desktop
1 Common Language Runtime (CLR) 2 Windows Presentation Foundation (WPF)
Known issues in this security update
| Symptom | Customers using Windows 7 SP1, Windows Server 2008 R2 SP1 or Windows Server 2008, this update does not install, and it returns either or both of the following error messages:
|
| Workaround |
This issue was corrected by the latest release of this update. If you’ve already installed a previous release of this update, no action is required. |
Getting the Update
The Security and Quality Rollup is available via Windows Update, Windows Server Update Services, and Microsoft Update Catalog. The Security Only Update is available via Windows Server Update Services and Microsoft Update Catalog.
Microsoft Update Catalog
You can get the update via the Microsoft Update Catalog. For Windows 10, NET Framework 4.8 updates are available via Windows Update, Windows Server Update Services, Microsoft Update Catalog. Updates for other versions of .NET Framework are part of the Windows 10 Monthly Cumulative Update.
**Note**: Customers that rely on Windows Update and Windows Server Update Services will automatically receive the .NET Framework version-specific updates. Advanced system administrators can also take use of the below direct Microsoft Update Catalog download links to .NET Framework-specific updates. Before applying these updates, please ensure that you carefully review the .NET Framework version applicability, to ensure that you only install updates on systems where they apply.
The following table is for Windows 10 and Windows Server 2016+ versions.
| Product Version | Cumulative Update | |
|---|---|---|
| Windows 10 Version Next and Windows Server, Version Next | ||
| .NET Framework 3.5, 4.8 | Catalog | 4576477 |
| Windows 10 2004 and Windows Server, version 2004 | ||
| .NET Framework 3.5, 4.8 | Catalog | 4576478 |
| Windows 10 1909 and Windows Server, version 1909 | ||
| .NET Framework 3.5, 4.8 | Catalog | 4576484 |
| Windows 10 1903 and Windows Server, version 1903 | ||
| .NET Framework 3.5, 4.8 | Catalog | 4576484 |
| Windows 10 1809 (October 2018 Update) and Windows Server 2019 | 4576627 | |
| .NET Framework 3.5, 4.7.2 | Catalog | 4570720 |
| .NET Framework 3.5, 4.8 | Catalog | 4576483 |
| Windows 10 1803 (April 2018 Update) | ||
| .NET Framework 3.5, 4.7.2 | Catalog | 4577032 |
| .NET Framework 4.8 | Catalog | 4576482 |
| Windows 10 1709 (Fall Creators Update) | ||
| .NET Framework 3.5, 4.7.1, 4.7.2 | Catalog | 4577041 |
| .NET Framework 4.8 | Catalog | 4576481 |
| Windows 10 1703 (Creators Update) | ||
| .NET Framework 3.5, 4.7, 4.7.1, 4.7.2 | Catalog | 4577021 |
| .NET Framework 4.8 | Catalog | 4576480 |
| Windows 10 1607 (Anniversary Update) and Windows Server 2016 | ||
| .NET Framework 3.5, 4.6.2, 4.7, 4.7.1, 4.7.2 | Catalog | 4577015 |
| .NET Framework 4.8 | Catalog | 4576479 |
| Windows 10 1507 | ||
| .NET Framework 3.5, 4.6, 4.6.1, 4.6.2 | Catalog | 4577049 |
The following table is for earlier Windows and Windows Server versions.
| Product Version | Security and Quality Rollup | Security Only Update | ||
|---|---|---|---|---|
| Windows 8.1, Windows RT 8.1 and Windows Server 2012 R2 | 4576630 | |||
| .NET Framework 3.5 | Catalog | 4569768 | N/A | N/A |
| .NET Framework 4.5.2 | Catalog | 4569778 | N/A | N/A |
| .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 | Catalog | 4576614 | N/A | N/A |
| .NET Framework 4.8 | Catalog | 4576486 | Catalog | 4576489 |
| Windows Server 2012 | 4576629 | |||
| .NET Framework 3.5 | Catalog | 4569765 | N/A | N/A |
| .NET Framework 4.5.2 | Catalog | 4569779 | N/A | N/A |
| .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 | Catalog | 4576613 | N/A | N/A |
| .NET Framework 4.8 | Catalog | 4576485 | Catalog | 4576488 |
| Windows 7 SP1 and Windows Server 2008 R2 SP1 | 4576628 | |||
| .NET Framework 3.5.1 | Catalog | 4569767 | N/A | N/A |
| .NET Framework 4.5.2 | Catalog | 4569780 | N/A | N/A |
| .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 | Catalog | 4576612 | N/A | N/A |
| .NET Framework 4.8 | Catalog | 4576487 | Catalog | 4576490 |
| Windows Server 2008 | 4576631 | |||
| .NET Framework 2.0, 3.0 | Catalog | 4569766 | N/A | N/A |
| .NET Framework 4.5.2 | Catalog | 4569780 | N/A | N/A |
| .NET Framework 4.6 | Catalog | 4576612 | N/A | N/A |
Previous Monthly Rollups
The last few .NET Framework Monthly updates are listed below for your convenience:
- .NET Framework September 3, 2020 Cumulative Update Preview for Windows 10 2004 and Windows Server, version 2004
- .NET Framework August 2020 Cumulative Update Preview
- .NET Framework August 2020 Security and Quality Rollup Updates
- .NET Framework July 2020 Cumulative Update Preview for Windows 10, version 2004
Light
Dark
10 comments
Hello Tara,
please release only two version of the NetFx Updates for Windows7 SP1.
One for pre ESU and one for post ESU.
Please also cumulate all the monthly NetFx Updates and mark it as replaced/superseded.
Thank you!
In case of KB4569767, the support page has a note that the update KB4569767 replace the update 4566517 but the catalog page doesn’t.
See links above
Currently, the .NET team calculates supersedence at the parent KB level – not the child KB level. If you search for the parent KB on catalog, for example KB4576628, then the supersedence is listed. We will consider also adding supersedence at the individual/child patch level.
Hello Tara,
note, on fresh installation of w7sp1 (net3.5) following updates appears on windows update:
and
-> kb4535102 replaces kb4040980, in fact kb4041083 and kb4049016!
… to bring it up (again)
kb2931356 with kb2836943-v2 and kb2894844 should be merged into kb4569767 (monthly)
kb3023215 and kb2789645 should be merged into/with kb4569767 (monthly)
kb4040980 should be merged into/with kb4569767 (monthly)
All files are fragmented and should be merged together!
Btw. The Windows7 monthly update (kb4577051) has not merged all files from prior monthly kb4571729! Looks like IE update reverted or not included!
Thank you for raising this, the .NET team will investigate.
Hello Tara,
thank you for the reply!
You could go forward with the parent supersedence but keep in mind that there also fragmented updates exists and should be sorted out.
Then the supersedence updates appears on windows update.
Thank you again
thanks for your information.
Slight oddity. Did anything change with how AppPools are handled? We had some complaints this morning about some issues with one particular site. This particular project has two AppPools, one is an admin site the other is the actual user site. The complaints were described as “going in and out” and occasional “request too large” errors. When loading up IIS to see if any configuration values had changed, we noticed that the AdminAppPool had 2 applications listed while the UserAppPool had 0. We double checked the site configuration and each site had the proper AppPool listed. The only thing slightly abnormal about these AppPools compared to the rest is the names had dashes in them(as per the company name). After renaming them to no longer have dashes, they each show the proper number of applications(1 and 1). After the rename, there also haven’t been any further issues reported. I’m mostly posting this here as a reference in case someone else is having some odd behavior after applying this update so they have one more thing to check.
We have not heard of issues with this update. There was no changes with how AppPools are handled. If you are able to provide logs for further investigation that would be helpful. Logs may be sent to gofxserv@microsoft.com or tarao@microsoft.com.