Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
mskbMicrosoftKB4601052
HistoryJan 01, 2000 - 12:00 a.m.

February 9, 2021-KB4601052 Cumulative Update for .NET Framework 4.8 for Windows 10 Version 1703

2000-01-0100:00:00
Microsoft
support.microsoft.com
7

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.6 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.002 Low

EPSS

Percentile

56.4%

JSON

February 9, 2021-KB4601052 Cumulative Update for .NET Framework 4.8 for Windows 10 Version 1703

Release Date:
February 9, 2021Version: .NET Framework 4.8

Summary

Security ImprovementsThis security update addresses a denial of service vulnerability in .NET Framework. For more information please see CVE-2021-24111.Quality ImprovementsASP.NET - Addresses an issue where after installing the update released on October 20th, some ASP.Net applications fail during precompilation โ€“ likely with a message that contains the words โ€œError ASPCONFIG.โ€
WPF1 - Addresses a hang when scrolling to the end of a TreeView, when layout rounding is enabled and DPI scaling is not 100%.
CLR - Improves the reliability of automatic Native Image generation task.
1 Windows Presentation Foundation (WPF)

Known issues in this update

Symptom| After installing this update, WPF apps may crash with a callstack similar to`

Exception Info: System.NullReferenceException at System.Windows.Interop.HwndMouseInputProvider.HasCustomChrome(System.Windows.Interop.HwndSource, RECT ByRef)
at System.Windows.Interop.HwndMouseInputProvider.GetEffectiveClientRect(IntPtr)
at System.Windows.Interop.HwndMouseInputProvider.PossiblyDeactivate(IntPtr, Boolean)
at System.Windows.Interop.HwndMouseInputProvider.Dispose()

This occurs when disposing an HwndSource whose RootVisual is null, a situation that arises in Visual Studio when docking or splitting windows, and could arise in other apps. ---|--- **Workaround**| To work around this problem, set two AppContext switches using one of the methods described in [AppContext Class (System)](<https://docs.microsoft.com/en-us/dotnet/api/system.appcontext?view=netcore-3.1#remarks>) under the heading โ€œAppContext for library consumersโ€. The switches are named**Switch.System.Windows.Interop.MouseInput.OptOutOfMoveToChromedWindowFix**and**Switch.System.Windows.Interop.MouseInput.DoNotOptOutOfMoveToChromedWindowFix** and both should be set to โ€œtrueโ€. The first switch avoids the crash, but re-introduces the bug fixed in the KBs. The second switch is currently ignored, but will be recognized in a future .NET update that contains a fix for the null-reference crash; it restores the original bug fix.For example, using the app.config file method to apply the workaround at application scope:

<AppContextSwitchOverrides value="Switch.System.Windows.Interop.MouseInput.OptOutOfMoveToChromedWindowFix=true; Switch.System.Windows.Interop.MouseInput.DoNotOptOutOfMoveToChromedWindowFix=true " />

`

How to get this update

Install this update****Release Channel Available Next Step
Windows Update and Microsoft Update Yes None. This update will be downloaded and installed automatically from Windows Update.
Microsoft Update Catalog Yes To get the standalone package for this update, go to the Microsoft Update Catalog website.
Windows Server Update Services (WSUS) Yes This update will automatically sync with WSUS if you configure Products and Classifications as follows:Product: Windows 10 Version 1703Classification: Security Updates File informationFor a list of the files that are provided in this update, download the file information for cumulative update.

Information about protection and security

Related

cve 1
openvas 8
nessus 3
mskb 15
prion 1
mscve 1
redhatcve 1
kaspersky 1
rapid7blog 1
cve
cve
CVE-2021-24111
2021-02-25 23:15:00
openvas
openvas
Microsoft .NET Framework Denial of Service Vulnerability (KB4601887)
2021-02-10 00:00:00
Microsoft .NET Framework Denial of Service Vulnerability (KB4603002)
2021-02-10 00:00:00
Microsoft .NET Framework Denial of Service Vulnerability (KB4603004)
2021-02-10 00:00:00
nessus
nessus
Security Updates for Microsoft .NET Framework (February 2021)
2022-12-05 00:00:00
KB4601318: Windows 10 Version 1607 and Windows Server 2016 February 2021 Security Update
2021-02-09 00:00:00
KB4601354: Windows 10 Version 1803 February 2021 Security Update
2021-02-09 00:00:00
mskb
mskb
February 9, 2021-KB4601887 Cumulative Update for .NET Framework 3.5, 4.7.2 and 4.8 for Windows 10, version 1809 and Windows Server, version 2019
2021-02-09 08:00:00
Security Only Update for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows 7 SP1 and Windows Server 2008 R2 SP1 (KB4602958)
2021-02-09 08:00:00
February 9, 2021-KB4601050 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 10, version 2004, Windows Server, version 2004, Windows 10, version 20H2, and Windows Server, version 20H2
2021-02-09 08:00:00
prion
prion
Denial of service
2021-02-25 23:15:00
mscve
mscve
.NET Framework Denial of Service Vulnerability
2021-02-09 08:00:00
redhatcve
redhatcve
CVE-2021-24111
2021-03-01 16:03:32
kaspersky
kaspersky
KLA12073 Multiple vulnerabilities in Microsoft Developer Tools
2021-02-09 00:00:00
rapid7blog
rapid7blog
Patch Tuesday - February 2021
2021-02-09 23:51:27

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.6 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.002 Low

EPSS

Percentile

56.4%

JSON
Related for KB4601052
cve1openvas8nessus3mskb15prion1mscve1redhatcve1kaspersky1rapid7blog1