
.NET Framework June 2023 Security and Quality Rollup

Today, we are releasing the June 2023 Security and Quality Rollup for .NET Framework.

Security

CVE-2023-24897 – .NET Framework Remote Code Execution Vulnerability

This security update addresses a vulnerability in the MSDIA SDK where corrupted PDBs can cause a heap overflow, leading to a crash or remote code execution.

CVE-2023-29326 – .NET Framework Remote Code Execution Vulnerability

This security update addresses a vulnerability in WPF where BAML offers other ways to instantiate types, leading to an elevation of privilege.

CVE-2023-24895 – .NET Framework Remote Code Execution Vulnerability

This security update addresses a vulnerability in the WPF XAML parser where an unsandboxed parser can lead to remote code execution.

CVE-2023-24936 – .NET Framework Elevation of Privilege Vulnerability

This security update addresses a vulnerability where restrictions can be bypassed when deserializing a DataSet or DataTable from XML, leading to an elevation of privilege.

CVE-2023-29331 – .NET Framework Denial of Service Vulnerability

This security update addresses a vulnerability where the AIA fetching process for client certificates can lead to denial of service.

CVE-2023-29330 – .NET Framework Denial of Service Vulnerability

This security update addresses a vulnerability where X509Certificate2 file handling can lead to denial of service.

Quality and Reliability

This release contains the following quality and reliability improvements.

WPF¹
  • Addresses an issue where using the IsReadOnly property of TextBox and RichTextBox in ControlTemplate.Triggers throws an exception.
  • Addresses a Null Reference Exception when reloading an XPS document after adjusting column width for DataGrid and GridView controls.
  • Addresses a Null Reference Exception when the ToolTip visible property is overridden to always be false.
  • Addresses an issue to avoid ArgumentOutOfRangeException when a ControlTemplate has two or more ItemsPresenters sharing a single ItemsCollection.
  • Addresses an ArgumentNullException that can arise in apps, or libraries, that directly set the IsOpen property on ToolTips or their Popups.
SQL Connectivity
  • Addresses an issue where the SQL connection created is not terminated by the library when this error is thrown or is leaked in the client application.

¹ Windows Presentation Foundation (WPF)

Getting the Update

The Security and Quality Rollup is available via Windows Update, Windows Server Update Services, and Microsoft Update Catalog. The Security Only Update is available via Windows Server Update Services and Microsoft Update Catalog.

Note: Customers that rely on Windows Update and Windows Server Update Services will automatically receive the .NET Framework version-specific updates. Advanced system administrators can also make use of the direct Microsoft Update Catalog download links below to .NET Framework-specific updates. Before applying these updates, please carefully review the .NET Framework version applicability, to ensure that you only install updates on systems where they apply.

The following table is for Windows 10, version 1507 and Windows Server 2016 versions and newer operating systems.

Product Version | Cumulative Update
Windows 11, version 22H2 |
  .NET Framework 3.5, 4.8.1 | Catalog 5027119
Windows 11, version 21H2 | 5027539
  .NET Framework 3.5, 4.8 | Catalog 5027125
  .NET Framework 3.5, 4.8.1 | Catalog 5027118
Microsoft server operating system, version 22H2 | 5027535
  .NET Framework 3.5, 4.8 | Catalog 5027127
Microsoft server operating system version 21H2 | 5027544
  .NET Framework 3.5, 4.8 | Catalog 5027127
  .NET Framework 3.5, 4.8.1 | Catalog 5027121
Windows 10, version 22H2 | 5027538
  .NET Framework 3.5, 4.8 | Catalog 5027122
  .NET Framework 3.5, 4.8.1 | Catalog 5027117
Windows 10, version 21H2 | 5027537
  .NET Framework 3.5, 4.8 | Catalog 5027122
  .NET Framework 3.5, 4.8.1 | Catalog 5027117
Windows 10 1809 (October 2018 Update) and Windows Server 2019 | 5027536
  .NET Framework 3.5, 4.7.2 | Catalog 5027131
  .NET Framework 3.5, 4.8 | Catalog 5027124
Windows 10 1607 (Anniversary Update) and Windows Server 2016 |
  .NET Framework 3.5, 4.6.2, 4.7, 4.7.1, 4.7.2 | Catalog 5027219
  .NET Framework 4.8 | Catalog 5027123
Windows 10 1507 |
  .NET Framework 3.5, 4.6, 4.6.2 | Catalog 5027230

The following table is for earlier Windows and Windows Server versions.

Product Version | Security and Quality Rollup | Security Only Update
Windows Embedded 8.1 and Windows Server 2012 R2 | 5027542 | 5027533
  .NET Framework 3.5 | Catalog 5027141 | Catalog 5027116
  .NET Framework 4.6.2, 4.7, 4.7.1, 4.7.2 | Catalog 5027133 | Catalog 5027112
  .NET Framework 4.8 | Catalog 5027128 | Catalog 5027109
Windows Embedded 8 and Windows Server 2012 | 5027541 | 5027532
  .NET Framework 3.5 | Catalog 5027138 | Catalog 5027107
  .NET Framework 4.6.2, 4.7, 4.7.1, 4.7.2 | Catalog 5027132 | Catalog 5027111
  .NET Framework 4.8 | Catalog 5027126 | Catalog 5027108
Windows Embedded 7 and Windows Server 2008 R2 SP1 | 5027540 | 5027531
  .NET Framework 3.5.1 | Catalog 5027140 | Catalog 5027115
  .NET Framework 4.6.2, 4.7, 4.7.1, 4.7.2 | Catalog 5027134 | Catalog 5027113
  .NET Framework 4.8 | Catalog 5027129 | Catalog 5027110
Windows Server 2008 | 5027543 | 5027534
  .NET Framework 2.0, 3.0 | Catalog 5027139 | Catalog 5027114
  .NET Framework 4.6.2 | Catalog 5027134 | Catalog 5027113
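
One way to carry out the applicability check described in the note above is sketched below. This is an added example, not part of the original post or Microsoft's tooling: it reads the installed .NET Framework 4.x version from the registry and looks for the matching KB from the tables. The `$expected` map is an assumption that covers only the Windows 10 22H2/21H2 rows and must be swapped for the row matching the OS being checked.

```powershell
# Added example: report the installed .NET Framework 4.x version and whether
# the June 2023 update listed for it on this page is present.

function Get-NetFx4Version {
    # The Release DWORD under this key identifies the installed 4.x version.
    $key = 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full'
    $release = (Get-ItemProperty -Path $key -Name Release -ErrorAction SilentlyContinue).Release
    if (-not $release) { return $null }   # 4.5 or later is not installed

    # Minimum Release values documented by Microsoft for each version.
    switch ($release) {
        { $_ -ge 533320 } { return '4.8.1' }
        { $_ -ge 528040 } { return '4.8' }
        { $_ -ge 461808 } { return '4.7.2' }
        { $_ -ge 461308 } { return '4.7.1' }
        { $_ -ge 460798 } { return '4.7' }
        { $_ -ge 394802 } { return '4.6.2' }
        default           { return "older (Release $release)" }
    }
}

# Assumption: this host runs Windows 10 22H2 or 21H2. KB numbers are copied
# from those rows of the first table; edit the map for any other OS row.
$expected = @{
    '4.8'   = 'KB5027122'
    '4.8.1' = 'KB5027117'
}

$version = Get-NetFx4Version
$kb = if ($version) { $expected[$version] } else { $null }

if (-not $kb) {
    Write-Output "No table row configured for .NET Framework '$version'; review applicability manually."
    return
}

# Get-HotFix returns nothing (with the error suppressed) when the KB is absent.
$hotfix = Get-HotFix -Id $kb -ErrorAction SilentlyContinue

[pscustomobject]@{
    Computer    = $env:COMPUTERNAME
    NetFx       = $version
    ExpectedKB  = $kb
    Installed   = [bool]$hotfix
    InstalledOn = if ($hotfix) { $hotfix.InstalledOn } else { $null }
}
```

A result of `Installed = False` is not conclusive on its own: a later cumulative .NET Framework update supersedes these KBs, and Get-HotFix only lists updates delivered through Component Based Servicing.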

 

Previous Monthly Rollups

The last few .NET Framework Monthly updates are listed below for your convenience:

The post .NET Framework June 2023 Security and Quality Rollup appeared first on .NET Blog.



source https://devblogs.microsoft.com/dotnet/dotnet-framework-june-2023-security-and-quality-rollup/
