August 11, 2020-KB4569751 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 10 Version 1903 and Windows Server 1903 RTM and Windows 10, version 1909 and Windows Server, version 1909

Summary

An elevation of privilege vulnerability exists when ASP.NET or .NET Framework web applications running on IIS improperly allow access to cached files. An attacker who successfully exploited this vulnerability could gain access to restricted files. To exploit this vulnerability, an attacker would need to send a specially crafted request to an affected server. The update addresses the vulnerability by changing how ASP.NET and .NET Framework handle requests.

To learn more about the vulnerabilities, go to the following Common Vulnerabilities and Exposures (CVE).

• CVE-2020-1476

A remote code execution vulnerability exists when Microsoft .NET Framework processes input. An attacker who successfully exploited this vulnerability could take control of an affected system. To exploit the vulnerability, an attacker would need to be able to upload a specially crafted file to a web application. The security update addresses the vulnerability by correcting how .NET Framework processes input.

For more information go to: https://go.microsoft.com/fwlink/?linkid=2138023

To learn more about the vulnerabilities, go to the following Common Vulnerabilities and Exposures (CVE).

• CVE-2020-1046

Known issues in this update

Windows Presentation Framework (WPF) applications that use two or more HostVisual elements belonging to a common thread, where both HostVisual elements are asked to disconnect from their visual target at roughly the same time, mail fail with the following error:

Exception type:  System.COMException
Message:  UCEERR_RENDERTHREADFAILURE (HRESULT 0x88980406)
Callstack:  top frame is System.Windows.Media.Composition.DUCE+Channel.SyncFlush()

Workarounds

You can disable the problematic fix by setting the AppContext switch “Switch.System.Windows.Media.HostVisual.DisconnectsOnWrongThread” to true, using one of the methods described here.  This exposes your app to the original bug, so you should remove the switch once a fix is published through an upcoming update.

Workaround 1

•    Add the following entry to the app.config file to disable the problematic fix in a single application.

<runtime>
    <AppContextSwitchOverrides value="Switch.System.Windows.Media.HostVisual.DisconnectsOnWrongThread=true"/>
</runtime>

Note that if your application configuration already has an entry for <AppContextSwitchOverrides>, you need to add the new setting within that entry, separated from other switches by a semicolon:

   <AppContextSwitchOverrides value="Switch.SomeOtherSwitch=true; Switch.System.Windows.Media.HostVisual.DisconnectsOnWrongThread=true"/>

Workaround 2

•    Apply the following registry subkey to disable the problematic fix for all WPF applications on the machine.
 Warning
Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall the operating system. Microsoft can't guarantee that these problems can be solved. Modify the registry at your own risk.

Location: HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\AppContext\
Name: Switch.System.Media.HostVisual.DisconnectsOnWrongThread
Type: String
Value: true

Note that on 64-bit operating systems, you also need to apply a registry subkey with the same name, type, and value at the location:   HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\.NETFramework\AppContext\

Resolution

We are working on a resolution and will provide an update in an upcoming release.
 

How to get this update

Install this update

File information

For a list of the files that are provided in this update, download the file information for cumulative update.

Information about protection and security

• Protect yourself online: Windows Security support

• Learn how we guard against cyber threats: Microsoft Security