Release Date:
February 9, 2021Version: .NET Framework 4.8
Security ImprovementsThis security update addresses a denial of service vulnerability in .NET Framework. For more information please see CVE-2021-24111.Quality ImprovementsASP.NET | - Addresses an issue where after installing the update released on October 20th, some ASP.Net applications fail during precompilation – likely with a message that contains the words “Error ASPCONFIG.” |
---|---|
WPF1 | - Addresses a hang when scrolling to the end of a TreeView, when layout rounding is enabled and DPI scaling is not 100%. |
CLR | - Improves the reliability of automatic Native Image generation task. |
1 Windows Presentation Foundation (WPF) |
Symptom| After installing this update, WPF apps may crash with a callstack similar to`
Exception Info: System.NullReferenceException at System.Windows.Interop.HwndMouseInputProvider.HasCustomChrome(System.Windows.Interop.HwndSource, RECT ByRef) at System.Windows.Interop.HwndMouseInputProvider.GetEffectiveClientRect(IntPtr)
at System.Windows.Interop.HwndMouseInputProvider.PossiblyDeactivate(IntPtr, Boolean)
at System.Windows.Interop.HwndMouseInputProvider.Dispose()
This occurs when disposing an HwndSource whose RootVisual is null, a situation that arises in Visual Studio when docking or splitting windows, and could arise in other apps. ---|--- **Workaround**| To work around this problem, set two AppContext switches using one of the methods described in [AppContext Class (System)](<https://docs.microsoft.com/en-us/dotnet/api/system.appcontext?view=netcore-3.1#remarks>) under the heading “AppContext for library consumers”. The switches are named**Switch.System.Windows.Interop.MouseInput.OptOutOfMoveToChromedWindowFix**and**Switch.System.Windows.Interop.MouseInput.DoNotOptOutOfMoveToChromedWindowFix** and both should be set to “true”. The first switch avoids the crash, but re-introduces the bug fixed in the KBs. The second switch is currently ignored, but will be recognized in a future .NET update that contains a fix for the null-reference crash; it restores the original bug fix.For example, using the app.config file method to apply the workaround at application scope:
<AppContextSwitchOverrides value="Switch.System.Windows.Interop.MouseInput.OptOutOfMoveToChromedWindowFix=true; Switch.System.Windows.Interop.MouseInput.DoNotOptOutOfMoveToChromedWindowFix=true " />
`
Install this update****Release Channel | Available | Next Step |
---|---|---|
Windows Update and Microsoft Update | Yes | None. This update will be downloaded and installed automatically from Windows Update. |
Microsoft Update Catalog | Yes | To get the standalone package for this update, go to the Microsoft Update Catalog website. |
Windows Server Update Services (WSUS) | Yes | This update will automatically sync with WSUS if you configure Products and Classifications as follows:Product: Windows 10, version 1607 and Windows Server, version 2016Classification: Security Updates File informationFor a list of the files that are provided in this update, download the file information for cumulative update. |