Skip to main content

.NET Framework June 2023 Security and Quality Rollup

Today, we are releasing the June 2023 Security and Quality Rollup for .NET Framework.

Security

CVE-2023-24897 – .NET Framework Remote Code Execution Vulnerability

This security update addresses a vulnerability in the MSDIA SDK where corrupted PDBs can cause heap overflow, leading to a crash or remove code execution.

CVE-2023-29326 – .NET Framework Remote Code Execution Vulnerability

This security update addresses a vulnerability in WPF where the BAML offers other ways to instantiate types that leads to an elevation of privilege.

CVE-2023-24895 – .NET Framework Remote Code Execution Vulnerability

This security update addresses a vulnerability in the WPF XAML parser where an unsandboxed parser can lead to remote code execution.

CVE-2023-24936 – .NET Framework Elevation of Privilege Vulnerability

This security update addresses a vulnerability in bypass restrictions when deserializing a DataSet or DataTable from XML, leading to an elevation of privilege.

CVE-2023-29331 – .NET Framework Denial of Service Vulnerability

This security update addresses a vulnerability where the AIA fetching process for client certificates can lead to denial of service.

CVE-2023-29330 – .NET Framework Denial of Service Vulnerability

This security update addresses a vulnerability where X509Certificate2 file handling can lead to denial of service.

Quality and Reliability

This release contains the following quality and reliability improvements.

WPF1
  • Addresses an issue where using IsReadOnly property of TextBox and RichTextBox in ControlTemplate.Triggers throws an exception.
  • Addresses Null Reference Exception reloading XPS document after adjusting column width for Datagrid and Gridview controls.
  • Addresses Null Reference Exception when ToolTip is visible property is overridden to be always be false.
  • Addresses an issue to avoid ArgumentOutOfRangeException when ControlTemplate has two or more ItemsPresenter sharing a single ItemsCollection.
  • Addresses ArgumentNullException that can arise in apps, or libraries, that directly set the IsOpen property on ToolTips or their Popups.
SQL Connectivity
  • Addresses an issue where SQL connection created is not terminated by the library when this error is thrown or is leaked in the client application.

1 Windows Presentation Foundation (WPF)

Getting the Update

The Security and Quality Rollup is available via Windows Update, Windows Server Update Services, and Microsoft Update Catalog. The Security Only Update is available via Windows Server Update Services and Microsoft Update Catalog.

Note: Customers that rely on Windows Update and Windows Server Update Services will automatically receive the .NET Framework version-specific updates. Advanced system administrators can also take use of the below direct Microsoft Update Catalog download links to .NET Framework-specific updates. Before applying these updates, please ensure that you carefully review the .NET Framework version applicability, to ensure that you only install updates on systems where they apply.

The following table is for Windows 10, version 1507 and Windows Server 2016 versions and newer operating systems.

Product Version Cumulative Update
Windows 11, version 22H2
.NET Framework 3.5, 4.8.1 Catalog 5027119
Windows 11, version 21H2 5027539
.NET Framework 3.5, 4.8 Catalog 5027125
.NET Framework 3.5, 4.8.1 Catalog 5027118
Microsoft server operating system, version 22H2 5027535
.NET Framework 3.5, 4.8 Catalog 5027127
Microsoft server operating system version 21H2 5027544
.NET Framework 3.5, 4.8 Catalog 5027127
.NET Framework 3.5, 4.8.1 Catalog 5027121
Windows 10, version 22H2 5027538
.NET Framework 3.5, 4.8 Catalog 5027122
.NET Framework 3.5, 4.8.1 Catalog 5027117
Windows 10, version 21H2 5027537
.NET Framework 3.5, 4.8 Catalog 5027122
.NET Framework 3.5, 4.8.1 Catalog 5027117
Windows 10 1809 (October 2018 Update) and Windows Server 2019 5027536
.NET Framework 3.5, 4.7.2 Catalog 5027131
.NET Framework 3.5, 4.8 Catalog 5027124
Windows 10 1607 (Anniversary Update) and Windows Server 2016
.NET Framework 3.5, 4.6.2, 4.7, 4.7.1, 4.7.2 Catalog 5027219
.NET Framework 4.8 Catalog 5027123
Windows 10 1507
.NET Framework 3.5, 4.6, 4.6.2 Catalog 5027230

The following table is for earlier Windows and Windows Server versions.

Product Version Security and Quality Rollup Security Only Update
Windows Embedded 8.1 and Windows Server 2012 R2 5027542 5027533
.NET Framework 3.5 Catalog 5027141 Catalog 5027116
.NET Framework 4.6.2, 4.7, 4.7.1, 4.7.2 Catalog 5027133 Catalog 5027112
.NET Framework 4.8 Catalog 5027128 Catalog 5027109
Windows Embedded 8 and Windows Server 2012 5027541 5027532
.NET Framework 3.5 Catalog 5027138 Catalog 5027107
.NET Framework 4.6.2, 4.7, 4.7.1, 4.7.2 Catalog 5027132 Catalog 5027111
.NET Framework 4.8 Catalog 5027126 Catalog 5027108
Windows Embedded 7 and Windows Server 2008 R2 SP1 5027540 5027531
.NET Framework 3.5.1 Catalog 5027140 Catalog 5027115
.NET Framework 4.6.2, 4.7, 4.7.1, 4.7.2 Catalog 5027134 Catalog 5027113
.NET Framework 4.8 Catalog 5027129 Catalog 5027110
Windows Server 2008 5027543 5027534
.NET Framework 2.0, 3.0 Catalog 5027139 Catalog 5027114
.NET Framework 4.6.2 Catalog 5027134 Catalog 5027113

 

Previous Monthly Rollups

The last few .NET Framework Monthly updates are listed below for your convenience:

The post .NET Framework June 2023 Security and Quality Rollup appeared first on .NET Blog.



source https://devblogs.microsoft.com/dotnet/dotnet-framework-june-2023-security-and-quality-rollup/

Comments

Popular posts from this blog