Table of contents
×

Release Date:
February 9, 2021

Version:
.NET Framework 3.5, 4.7.2 and 4.8

Summary

Security Improvements

This security update addresses a denial of service vulnerability in .NET Framework. For more information please see CVE-2021-24111.

Quality Improvements

For a list of improvements that were released with this update, please see the article links in the Additional Information section of this article.

Known issues in this update

Symptom

After installing this update, WPF apps may crash with a callstack similar to

Exception Info: System.NullReferenceException at System.Windows.Interop.HwndMouseInputProvider.HasCustomChrome(System.Windows.Interop.HwndSource, RECT ByRef)
at System.Windows.Interop.HwndMouseInputProvider.GetEffectiveClientRect(IntPtr)
at System.Windows.Interop.HwndMouseInputProvider.PossiblyDeactivate(IntPtr, Boolean)
at System.Windows.Interop.HwndMouseInputProvider.Dispose()

This occurs when disposing an HwndSource whose RootVisual is null, a situation that arises in Visual Studio when docking or splitting windows, and could arise in other apps.

Workaround

This issue was resolved in KB4601558 for .NET Framework 4.7.2, and KB4601555 for .NET Framework 4.8.

Additional information about this update

The following articles contain additional information about this update as it relates to individual product versions.

  • 4601060 Description of the Cumulative Update for .NET Framework 3.5 and 4.7.2 for Windows 10, version 1809 and Windows Server, version 2019 (KB4601060)

  • 4601055 Description of the Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 10, version 1809 and Windows Server, version 2019 (KB4601055)

Release Channel

Available

Next Step

Windows Update and Microsoft Update

Yes

None. This update will be downloaded and installed automatically from Windows Update.

Microsoft Update Catalog

Yes

To get the standalone package for this update, go to the Microsoft Update Catalog website.

Windows Server Update Services (WSUS)

Yes

This update will automatically sync with WSUS if you configure Products and Classifications as follows:

Classification: Security Updates

Information about protection and security

Need more help?

Expand your skills
Explore Training
Get new features first
Join Microsoft Insiders

Was this information helpful?

What affected your experience?

Thank you for your feedback!

×