February 9, 2021-KB4601887 Cumulative Update for .NET Framework 3.5, 4.7.2 and 4.8 for Windows 10, version 1809 and Windows Server, version 2019

Release Date:February 9, 2021

Version:.NET Framework 3.5, 4.7.2 and 4.8

Summary

Security Improvements

This security update addresses a denial of service vulnerability in .NET Framework. For more information please see CVE-2021-24111.

Quality Improvements

For a list of improvements that were released with this update, please see the article links in the Additional Information section of this article.

Known issues in this update

Symptom

After installing this update, WPF apps may crash with a callstack similar to

Exception Info: System.NullReferenceException at System.Windows.Interop.HwndMouseInputProvider.HasCustomChrome(System.Windows.Interop.HwndSource, RECT ByRef)
at System.Windows.Interop.HwndMouseInputProvider.GetEffectiveClientRect(IntPtr)
at System.Windows.Interop.HwndMouseInputProvider.PossiblyDeactivate(IntPtr, Boolean)
at System.Windows.Interop.HwndMouseInputProvider.Dispose()

This occurs when disposing an HwndSource whose RootVisual is null, a situation that arises in Visual Studio when docking or splitting windows, and could arise in other apps.

Workaround

This issue was resolved in KB4601558 for .NET Framework 4.7.2, and KB4601555 for .NET Framework 4.8.

Additional information about this update

The following articles contain additional information about this update as it relates to individual product versions.

4601060 Description of the Cumulative Update for .NET Framework 3.5 and 4.7.2 for Windows 10, version 1809 and Windows Server, version 2019 (KB4601060)
4601055 Description of the Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 10, version 1809 and Windows Server, version 2019 (KB4601055)

Release Channel	Available	Next Step
Windows Update and Microsoft Update	Yes	None. This update will be downloaded and installed automatically from Windows Update.
Microsoft Update Catalog	Yes	To get the standalone package for this update, go to the Microsoft Update Catalog website.
Windows Server Update Services (WSUS)	Yes	This update will automatically sync with WSUS if you configure Products and Classifications as follows: Classification: Security Updates

Information about protection and security

Protect yourself online: Windows Security support
Learn how we guard against cyber threats: Microsoft Security

February 9, 2021-KB4601887 Cumulative Update for .NET Framework 3.5, 4.7.2 and 4.8 for Windows 10, version 1809 and Windows Server, version 2019

Summary

Known issues in this update

Additional information about this update

Information about protection and security

Need more help?

Want more options?

Was this information helpful?

Thank you for your feedback!