April 12, 2022-KB5012123 Cumulative Update for .NET Framework 3.5 and 4.8 for Microsoft server operating system version 21H2

Release Date:
April 12, 2022 Version: ** .NET Framework 3.5 and 4.8**

Summary

Security Improvements This security update addresses an issue where an unauthenticated attacker could cause a denial of service on an affected system. For more information please see CVE-2022-26832.** Quality and reliability improvements** Winforms | - Addresses a leak of IRawElementProviderSimple objects which was introduced in .NET Framework 4.8. This is an opt-in fix, add the following compatibility switch to the app.config file in order to dispose the accessible objects: <runtime>

<!-- AppContextSwitchOverrides values are in the form of 'key1=true|false;key2=true|false –>

<AppContextSwitchOverrides value=“Switch.System.Windows.Forms.DisconnectUiaProvidersOnWmDestroy=true”/>

</runtime> Note: that when the accessibility server application opts into this fix, the accessibility client will receive errors when accessing the disconnected provider. This is expected because the corresponding control window is destroyed. Previous behavior where the provider was returning information for destroyed controls was incorrect.
—|—
NET Libraries | - Addresses an issue when Ssl negotiation can hang indefinitely when client certificates are used when TLS 1.3 is negotiated. Before the change renegotiation (PostHandshakeAuthentiction) would fail and SslStream or HttpWebRequest would observe a timeout.

Known issues in this update

Microsoft is not currently aware of any issues in this update.

How to get this update

Information about protection and security

• Protect yourself online: Windows Security support
• Learn how we guard against cyber threats: Microsoft Security