June 13, 2023-Security Only Update for .NET Framework 3.5 for Windows Embedded 8.1 and Windows Server 2012 R2 (KB5027116)

Applies to:

Microsoft .NET Framework 3.5

Note:

Revised June 15, 2023 to correct the wording of the known issue to X.509 certificate

Revised on June 20, 2023 to fix the link for CVE-2023-32030

Revised on July 5th, 2023 to add resolution to known issue.

REMINDER

As a reminder to advanced IT administrators, updates to .NET Framework 3.5 for Windows Embedded 8.1 and Windows Server 2012 R2 should only be applied on systems where .NET Framework 3.5 is present and enabled. Customers who attempt to pre-install updates to .NET Framework 3.5 to offline images that do not contain the .NET Framework 3.5 product enabled will expose these systems to failures to enable .NET Framework 3.5 after the systems are online. For more extensive information about deploying .NET Framework 3.5, see Microsoft .NET Framework 3.5 Deployment Considerations.
If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. For more information, see Add language packs to Windows.

The June 13, 2023 update for Windows Embedded 8.1 and Windows Server 2012 R2 includes security improvements in .NET Framework 3.5. We recommend that you apply this update as part of your regular maintenance routines. Verify that you have installed the required updates listed in the How to get this update section before installing this update.

Summary

CVE-2023-29326 - .NET Framework Remote Code Execution Vulnerability
This security update addresses a vulnerability in WPF where the BAML offers other ways to instantiate types that leads to an elevation of privilege. For more information see CVE-2023-29326.

CVE-2023-24895 - .NET Framework Remote Code Execution Vulnerability
This security update addresses a vulnerability in the WPF XAML parser where an unsandboxed parser can lead to remote code execution. For more information see CVE-2023-24895.

CVE-2023-24936 - .NET Framework Elevation of Privilege Vulnerability
This security update addresses a vulnerability in bypass restrictions when deserializing a DataSet or DataTable from XML, leading to an elevation of privilege. For more information see CVE-2023-24936.

CVE-2023-29331 - .NET Framework Denial of Service Vulnerability
This security update addresses a vulnerability where the AIA fetching process for client certificates can lead to denial of service. For more information see CVE 2023-29331.

CVE-2023-32030 - .NET Framework Denial of Service Vulnerability
This security update addresses a vulnerability where X509Certificate2 file handling can lead to denial of service. For more information see CVE-2023-32030.

Additional information about this update

The following articles contain additional information about this update as it relates to individual product versions.

5027533 Description of the Security Only Update for .NET Framework 3.5, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Embedded 8.1 and Windows Server 2012 R2 (KB5027533)

Known issues in this update

Symptom

This update may impact how .NET Framework runtime imports X.509 Certificates. For more information about this issue, see KB5025823

Workaround

To mitigate this issue, see KB5025823.

Symptom

This update may impact scenarios where .NET framework 3.5 scenarios might crash during startup whenever an instrumenting profiler is active

Workaround

To mitigate this issue, see KB5028920.

How to get this update

Before installing this update

Prerequisite:

To apply this update, you must have .NET Framework 3.5 installed.

Install this update

Release Channel	Available	Next Step
Windows Update and Microsoft Update	No	See the other options below.
Microsoft Update Catalog	Yes	To get the standalone package for this update, go to the Microsoft Update Catalog website.
Windows Server Update Services (WSUS)	Yes	This individual .NET Framework product update will be installed, as applicable, by applying the operating system update. For more information about operating system updates see additional information about this update section.

Restart requirement

You may need to restart the computer after you apply this update if any affected files are being used. We recommend that you exit all .NET Framework-based applications before you apply this update.

Update deployment information

For deployment details for this security update, go to the following article in the Microsoft Knowledge Base:

20230613 Security update deployment information: June 13, 2023

File Information

File hash information

File name	SHA256 hash
windows8.1-kb5027116-x86.msu	155049BACEB2E4DF5E4BD4E32866E6ADB4ABCB1E5373F3508185CE536EAB2986
windows8.1-kb5027116-x64.msu	17510515F4C387ED83092A168C66529EF624E34E7055AA9856493F95119B70E4

File name	File version	File size	Date	Time	Platform
Presentationframework.dll	3.0.6920.8954	5,292,032	24-Apr-2023	00:27	x86
Reachframework.dll	3.0.6920.8954	536,576	24-Apr-2023	00:27	x86
System.dll	2.0.50727.8970	3,211,264	05-May-2023	00:20	x86
Windowsbase.dll	3.0.6920.8954	1,257,472	24-Apr-2023	00:27	x86
Big5.nlp	Not applicable	66,728	24-Apr-2023	00:20	Not applicable
Bopomofo.nlp	Not applicable	82,172	24-Apr-2023	00:20	Not applicable
Ksc.nlp	Not applicable	116,756	24-Apr-2023	00:20	Not applicable
Mscorlib.dll	2.0.50727.8970	4,628,480	05-May-2023	00:20	x86
Normidna.nlp	Not applicable	59,342	24-Apr-2023	00:20	Not applicable
Normnfc.nlp	Not applicable	45,794	24-Apr-2023	00:20	Not applicable
Normnfd.nlp	Not applicable	39,284	24-Apr-2023	00:20	Not applicable
Normnfkc.nlp	Not applicable	66,384	24-Apr-2023	00:20	Not applicable
Normnfkd.nlp	Not applicable	60,294	24-Apr-2023	00:20	Not applicable
Prc.nlp	Not applicable	83,748	24-Apr-2023	00:20	Not applicable
Prcp.nlp	Not applicable	83,748	24-Apr-2023	00:20	Not applicable
Sortkey.nlp	Not applicable	262,148	24-Apr-2023	00:20	Not applicable
Sorttbls.nlp	Not applicable	20,320	24-Apr-2023	00:20	Not applicable
Xjis.nlp	Not applicable	28,288	24-Apr-2023	00:21	Not applicable
Mscordacwks.dll	2.0.50727.8970	993,728	05-May-2023	00:20	x86
Mscorwks.dll	2.0.50727.8970	6,414,264	05-May-2023	00:20	x86
Sos.dll	2.0.50727.8970	393,152	05-May-2023	00:20	x86
Presentationcore.dll	3.0.6920.8954	4,222,976	24-Apr-2023	00:27	x86
Presentationfontcache.exe.config	Not applicable	161	24-Apr-2023	00:27	Not applicable
Wpfgfx_v0300.dll	3.0.6920.8954	1,741,192	24-Apr-2023	00:27	x86
System.data.dll	2.0.50727.8970	2,983,936	07-May-2023	00:20	x86
System.printing.dll	3.0.6920.8954	372,736	24-Apr-2023	00:27	x86
Penimc.dll	3.0.6920.8954	72,128	24-Apr-2023	00:27	x86
Presentationframework.dll	3.0.6920.8954	5,292,032	24-Apr-2023	00:27	x86
Presentationhostdll.dll	3.0.6920.8954	134,552	24-Apr-2023	00:27	x86
Reachframework.dll	3.0.6920.8954	536,576	24-Apr-2023	00:27	x86
Windowsbase.dll	3.0.6920.8954	1,257,472	24-Apr-2023	00:27	x86

File name	File version	File size	Date	Time	Platform
Big5.nlp	Not applicable	66,728	11-Apr-2023	01:37	Not applicable
Bopomofo.nlp	Not applicable	82,172	11-Apr-2023	01:37	Not applicable
Ksc.nlp	Not applicable	116,756	11-Apr-2023	01:37	Not applicable
Mscorlib.dll	2.0.50727.8970	4,644,864	05-May-2023	00:21	x64
Normidna.nlp	Not applicable	59,342	11-Apr-2023	01:37	Not applicable
Normnfc.nlp	Not applicable	45,794	11-Apr-2023	01:37	Not applicable
Normnfd.nlp	Not applicable	39,284	11-Apr-2023	01:37	Not applicable
Normnfkc.nlp	Not applicable	66,384	11-Apr-2023	01:37	Not applicable
Normnfkd.nlp	Not applicable	60,294	11-Apr-2023	01:37	Not applicable
Prc.nlp	Not applicable	83,748	11-Apr-2023	01:37	Not applicable
Prcp.nlp	Not applicable	83,748	11-Apr-2023	01:37	Not applicable
Sortkey.nlp	Not applicable	262,148	11-Apr-2023	01:37	Not applicable
Sorttbls.nlp	Not applicable	20,320	11-Apr-2023	01:37	Not applicable
Xjis.nlp	Not applicable	28,288	11-Apr-2023	01:37	Not applicable
Mscordacwks.dll	2.0.50727.8970	1,760,664	05-May-2023	00:21	x64
Mscorwks.dll	2.0.50727.8970	10,626,456	05-May-2023	00:21	x64
Sos.dll	2.0.50727.8970	489,360	05-May-2023	00:21	x64
System.dll	2.0.50727.8970	3,211,264	05-May-2023	00:21	x86
Presentationcore.dll	3.0.6920.8954	4,006,400	19-Apr-2023	00:20	x64
Presentationfontcache.exe.config	Not applicable	161	11-Apr-2023	01:40	Not applicable
Wpfgfx_v0300.dll	3.0.6920.8954	2,259,352	19-Apr-2023	00:20	x64
System.data.dll	2.0.50727.8970	3,158,016	07-May-2023	00:20	x64
System.printing.dll	3.0.6920.8954	358,400	19-Apr-2023	00:20	x64
Penimc.dll	3.0.6920.8954	88,968	19-Apr-2023	00:20	x64
Presentationframework.dll	3.0.6920.8954	4,648,960	19-Apr-2023	00:20	x86
Presentationhostdll.dll	3.0.6920.8954	175,512	19-Apr-2023	00:20	x64
Reachframework.dll	3.0.6920.8954	536,576	19-Apr-2023	00:20	x86
Windowsbase.dll	3.0.6920.8954	1,118,208	19-Apr-2023	00:20	x86
Presentationframework.dll	3.0.6920.8954	5,292,032	24-Apr-2023	00:27	x86
Reachframework.dll	3.0.6920.8954	536,576	24-Apr-2023	00:27	x86
System.dll	2.0.50727.8970	3,211,264	05-May-2023	00:20	x86
Windowsbase.dll	3.0.6920.8954	1,257,472	24-Apr-2023	00:27	x86
Big5.nlp	Not applicable	66,728	24-Apr-2023	00:20	Not applicable
Bopomofo.nlp	Not applicable	82,172	24-Apr-2023	00:20	Not applicable
Ksc.nlp	Not applicable	116,756	24-Apr-2023	00:20	Not applicable
Mscorlib.dll	2.0.50727.8970	4,628,480	05-May-2023	00:20	x86
Normidna.nlp	Not applicable	59,342	24-Apr-2023	00:20	Not applicable
Normnfc.nlp	Not applicable	45,794	24-Apr-2023	00:20	Not applicable
Normnfd.nlp	Not applicable	39,284	24-Apr-2023	00:20	Not applicable
Normnfkc.nlp	Not applicable	66,384	24-Apr-2023	00:20	Not applicable
Normnfkd.nlp	Not applicable	60,294	24-Apr-2023	00:20	Not applicable
Prc.nlp	Not applicable	83,748	24-Apr-2023	00:20	Not applicable
Prcp.nlp	Not applicable	83,748	24-Apr-2023	00:20	Not applicable
Sortkey.nlp	Not applicable	262,148	24-Apr-2023	00:20	Not applicable
Sorttbls.nlp	Not applicable	20,320	24-Apr-2023	00:20	Not applicable
Xjis.nlp	Not applicable	28,288	24-Apr-2023	00:21	Not applicable
Mscordacwks.dll	2.0.50727.8970	993,728	05-May-2023	00:20	x86
Mscorwks.dll	2.0.50727.8970	6,414,264	05-May-2023	00:20	x86
Sos.dll	2.0.50727.8970	393,152	05-May-2023	00:20	x86
Presentationcore.dll	3.0.6920.8954	4,222,976	24-Apr-2023	00:27	x86
Presentationfontcache.exe.config	Not applicable	161	24-Apr-2023	00:27	Not applicable
Wpfgfx_v0300.dll	3.0.6920.8954	1,741,192	24-Apr-2023	00:27	x86
System.data.dll	2.0.50727.8970	2,983,936	07-May-2023	00:20	x86
System.printing.dll	3.0.6920.8954	372,736	24-Apr-2023	00:27	x86
Penimc.dll	3.0.6920.8954	72,128	24-Apr-2023	00:27	x86
Presentationframework.dll	3.0.6920.8954	5,292,032	24-Apr-2023	00:27	x86
Presentationhostdll.dll	3.0.6920.8954	134,552	24-Apr-2023	00:27	x86
Reachframework.dll	3.0.6920.8954	536,576	24-Apr-2023	00:27	x86
Windowsbase.dll	3.0.6920.8954	1,257,472	24-Apr-2023	00:27	x86

How to obtain help and support for this update

Help for installing updates: Windows Update FAQ
Protect yourself online and at home: Windows Security support
Local support according to your country: International Support

June 13, 2023-Security Only Update for .NET Framework 3.5 for Windows Embedded 8.1 and Windows Server 2012 R2 (KB5027116)

Summary

Additional information about this update

Known issues in this update

How to get this update

File Information

File hash information

How to obtain help and support for this update

Need more help?

Want more options?

Was this information helpful?

Thank you for your feedback!

Summary

Additional information about this update

Known issues in this update

How to get this update

File Information

File hash information

For all supported x86-based versions

For all supported x64-based versions

How to obtain help and support for this update

Need more help?

Want more options?

Was this information helpful?

Thank you for your feedback!