Lucene search
MicrosoftKB5008877HistoryJan 11, 2022 - 8:00 a.m.
January 11, 2022-KB5008877 Cumulative Update for .NET Framework 4.8 for Windows 10, version 1607 and Windows Server, version 2016
2022-01-1108:00:00
Microsoft
support.microsoft.com
74
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 High
AI Score
Confidence
High
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.001 Low
EPSS
Percentile
46.5%
January 11, 2022-KB5008877 Cumulative Update for .NET Framework 4.8 for Windows 10, version 1607 and Windows Server, version 2016
Release Date:
January 11, 2022 Version: ** .NET Framework 4.8**
Summary
| Security Improvements This security update addresses an issue where an unauthenticated attacker could cause a denial of service on an affected system. For more information please see CVE-2022-21911.** Quality and reliability improvements** WPF1 | - Addresses an issue where WPF does not respond to touch if the WPF window was activated by a touch manipulation (e.g. swiping a listbox). - Adds a mitigation for an issue involving tearing, flickering, or incorrect composition of visual content under high GPU-load conditions. - Addresses an issue where the extra information associated with a WM_KEYDOWN message is discarded before the handlers for the PreviewKeyDown or KeyDown events can retrieve it via GetMessageExtraInfo. - Addresses an issue where AutomationElement.FindFirst or FindAll do not search the subtree of an hwnd whose UIA_WindowVisibilityOverridden property is set to 1. - Addresses an issue where a binding on TextBox.Text with UpdateSourceTrigger=PropertyChanged produces incorrect results when the Microsoft Quick IME is used. |
|---|---|
| SQL Connectivity | - Under certain error cases caused due to NullReferenceException thrown while populating SqlParameter values using customer provided delegates, the SqlClient driver may not cleanup the state of connection state. The connection in bad state, can make its way into the connection pool and may be picked up for reuse causing unexpected failures on the connection. If such a condition is recognized, an AppContext Switch “Switch.System.Data.SqlClient.CleanupParserOnAllFailures”, may be enabled to clean up connections on any kind of failures even while running into errors with delegates. |
| WCF2 | - Addresses a failure to correctly timeout a failed request when making an asynchronous WCF call over HTTP. If the service has sent a partial response message and fails to send the remainder of the response, the client may not fail the call after the configured timeout. |
| 1 Windows Presentation Foundation (WPF) | |
| 2 Windows Communication Foundation (WCF) |
Known issues in this update
Microsoft is not currently aware of any issues in this update.
How to get this update
| Install this update****Release Channel | Available | Next Step |
|---|---|---|
| Windows Update and Microsoft Update | Yes | None. This update will be downloaded and installed automatically from Windows Update. |
| Windows Update for Business | Yes | None. This update will be downloaded and installed automatically from Windows Update. |
| Microsoft Update Catalog | Yes | To get the standalone package for this update, go to the Microsoft Update Catalog website. |
| Windows Server Update Services (WSUS) | Yes | This update will automatically sync with WSUS if you configure Products and Classifications as follows:Product: Windows 10, version 1607 and Windows Server, version 2016Classification: Security Updates File information For a list of the files that are provided in this update, download the file information for cumulative update. |
Information about protection and security
- Protect yourself online: Windows Security support
- Learn how we guard against cyber threats: Microsoft Security
Related
prion
prion
Denial of service
2022-01-11 21:15:00
openvas
openvas
Microsoft .NET Framework DoS Vulnerability (KB5008879)
2022-01-12 00:00:00
Microsoft .NET Framework DoS Vulnerability (KB5009718)
2022-01-12 00:00:00
Microsoft .NET Framework DoS Vulnerability (KB5009721)
2022-01-12 00:00:00
mskb
mskb
Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Server 2012 (KB5009720)
2022-01-11 08:00:00
nessus
nessus
Security Updates for Microsoft .NET Framework (January 2022)
2022-12-05 00:00:00
KB5009585: Windows 10 LTS 1507 Security Updates (January 2022)
2022-01-11 00:00:00
mscve
mscve
.NET Framework Denial of Service Vulnerability
2022-01-11 08:00:00
cve
cve
CVE-2022-21911
2022-01-11 21:15:00
kaspersky
kaspersky
KLA12421 Multiple vulnerabilities in Microsoft Developer Tools
2022-01-11 00:00:00
rapid7blog
rapid7blog
Patch Tuesday - January 2022
2022-01-11 21:41:56
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 High
AI Score
Confidence
High
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.001 Low
EPSS
Percentile
46.5%
Related for KB5008877