August 11, 2020
.NET Framework 4.8
An elevation of privilege vulnerability exists when ASP.NET or .NET Framework web applications running on IIS improperly allow access to cached files. An attacker who successfully exploited this vulnerability could gain access to restricted files. To exploit this vulnerability, an attacker would need to send a specially crafted request to an affected server. The update addresses the vulnerability by changing how ASP.NET and .NET Framework handle requests.
To learn more about the vulnerabilities, go to the following Common Vulnerabilities and Exposures (CVE).
Quality and reliability improvements
- A change in .NET Framework 4.8 regressed certain EnterpriseServices scenarios where a single-thread apartment object may be treated as a multi-thread apartment and lead to a blocking failure. This change now correctly identifies single-thread apartment objects as such and avoids this failure.
- Addresses an issue in assemblies with IBC profile data causing Ngen worker processes to crash and fall back to full native images.
- Addresses rare crashes that could occur during thread abort delivery.
- SqlBulkCopy.WriteToServer can cause transactions to in-memory SQL tables to fail. The client may see an exception with message "Execution Timeout Expired. The timeout period elapsed prior to completion of the operation or the server is not responding." SqlBulkCopy.WriteToServer was sending an Attention token (cancellation message) after sending data to SQL Server, causing the server to abort the transaction for in-memory tables.
- Use FIPS-compliant hashes in ASP.NET telemetry data.
- Addresses an issue where "Unspecified" was not an allowed value in config for the 'cookieSameSite' attribute of the forms authentication and session state configuration sections.
- Addresses an issue where, when spell-checking is enabled in a WPF TextBox or RichTextBox, words like “etc.” and “e.g.” are incorrectly identified as spelling errors.
- Addresses an issue where some Per-Monitor Aware WPF applications that run on .NET 4.8 may occasionally encounter a crash with the exception System.ComponentModel.Win32Exception.
- Addresses an issue where TextBlock reflows (makes different line-breaking decisions) during render and hit-test, vs. during measure. The symptoms include missing text, and FailFast crashes during programmatic text processing.
- Addresses an issue with a render thread failure caused by HostVisual disconnecting its target on the wrong thread.
- Addresses an issue with a hang while scrolling a TreeView whose tree is non-uniform, in the sense that a given node's children govern subtrees whose sizes are quite different.
- Addresses an issue with a crash that can occur when closing a tooltip that is re-entrantly closed by user code.
- When an HwndHost leaves the visual tree, a stack trace is created. This is expensive, and usually unnecessary. The logic is now changed to create the stack trace only when the anomalous condition occurs.
- Addresses a memory leak in System.Speech.SpeechSynthesizer.
- DataGrid's Copy command throws an exception if the system clipboard is locked by another process. This crashes the application, as there is usually no app code on the stack to catch the exception. The behavior of TextBox (and other apps like Notepad, Word, browsers) in this situation is to fail silently: nothing is copied to the clipboard, but no exception is thrown. A WPF app can now opt in to this behavior by setting <appSettings> <add key="ShouldThrowOnDataGridCopyOrCutFailure" value="false"/> </appSettings> in its app.config file.
- Addresses an issue in constructing the internal model for a FixedPage document. Some text was appearing in the wrong order for the purposes of editing operations such as selection and copy/paste.
- When using a UPN Windows username with the format similar to firstname.lastname@example.org in the username property of a NetworkCredential when using NetTcpBinding or NetNamedPipeBinding, WCF would incorrectly split the username and dns.domain placing them into the UserName and Domain properties. This is invalid in some scenarios and would result in failing to authenticate. This fix removes the credential modification when using a UPN username. The modification can be re-enabled by setting the AppSetting "wcf:enableLegacyUpnUsernameFix" to true.
- Addresses a memory leak in HttpListener.
- Addresses an issue with the DataGridView IsReadOnly accessibility state: Narrator and other accessibility tools announce read-only cell status accordingly.
- Addresses a regression in .NET Framework 4.8 where applications that use the DataGridView ComboBox cell type and have opted into Level 3 Accessibility may experience intermittent crashes while editing the cell.
- Addresses an issue in ClickOnce RFC3161 timestamp verification code.
Winforms Accessibility Improvements
In this release we are adding new accessibility improvements that your application can opt in to. By default these changes are disabled. Applications that opt in to accessibility features introduced in .NET 4.8 and earlier can add the following compatibility switch to the application's config file:
Specifically, if an application targets .NET 4.8, add the following AppContextSwitchOverrides section:
<?xml version="1.0" encoding="utf-8" ?>
If an application targets an earlier version of the framework and opts in to the previously released sets of accessibility features, then add a single "Switch.UseLegacyAccessibilityFeatures.4=false" switch to the existing AppContextSwitchOverrides section:
<?xml version="1.0" encoding="utf-8" ?>
Winforms accessibility improvements included in this release are:
1 Common Language Runtime (CLR)
2 Windows Presentation Foundation (WPF)
3 Windows Communication Foundation
Known issues in this update
Windows Presentation Foundation (WPF) applications that use two or more HostVisual elements belonging to a common thread, where both HostVisual elements are asked to disconnect from their visual target at roughly the same time, may fail with the following error:
Exception type: System.COMException
Message: UCEERR_RENDERTHREADFAILURE (HRESULT 0x88980406)
Callstack: top frame is System.Windows.Media.Composition.DUCE+Channel.SyncFlush()
You can disable the problematic fix by setting the AppContext switch “Switch.System.Windows.Media.HostVisual.DisconnectsOnWrongThread” to true, using one of the methods described here. This exposes your app to the original bug, so you should remove the switch once a fix is published through an upcoming update.
• Add the following entry to the app.config file to disable the problematic fix in a single application.
Note that if your application configuration already has an entry for <AppContextSwitchOverrides>, you need to add the new setting within that entry, separated from other switches by a semicolon:
<AppContextSwitchOverrides value="Switch.SomeOtherSwitch=true; Switch.System.Windows.Media.HostVisual.DisconnectsOnWrongThread=true"/>
• Apply the following registry subkey to disable the problematic fix for all WPF applications on the machine.
Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall the operating system. Microsoft can't guarantee that these problems can be solved. Modify the registry at your own risk.
Note that on 64-bit operating systems, you also need to apply a registry subkey with the same name, type, and value at the location: HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\.NETFramework\AppContext\
We are working on a resolution and will provide an update in an upcoming release.
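An added example, not part of the original article and not Microsoft's code: a small Python audit that parses an app.config and reports whether it still enables the HostVisual workaround switch or the legacy WCF UPN setting described above, each of which turns a fix back off. The function names and the two sample config files are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Settings named on this page that turn a fix off again when set to true.
HOSTVISUAL = "Switch.System.Windows.Media.HostVisual.DisconnectsOnWrongThread"
LEGACY_UPN = "wcf:enableLegacyUpnUsernameFix"

def parse_overrides(value):
    """Split 'Switch.A=true; Switch.B=false' into {'Switch.A': True, 'Switch.B': False}."""
    switches = {}
    for part in value.split(";"):
        name, sep, state = part.partition("=")
        if sep and name.strip():
            switches[name.strip()] = state.strip().lower() == "true"
    return switches

def audit_config(config_text):
    """Return the overrides from this page that are enabled in one app.config."""
    root = ET.fromstring(config_text.encode("utf-8"))
    findings = []
    for node in root.iter("AppContextSwitchOverrides"):
        if parse_overrides(node.get("value", "")).get(HOSTVISUAL):
            findings.append(HOSTVISUAL)
    for add in root.findall("./appSettings/add"):
        if add.get("key") == LEGACY_UPN and add.get("value", "").strip().lower() == "true":
            findings.append(LEGACY_UPN)
    return findings

# Constructed sample: the HostVisual workaround is still present next to another switch.
SAMPLE_WITH_WORKAROUND = """<?xml version="1.0" encoding="utf-8" ?>
<configuration>
  <runtime>
    <AppContextSwitchOverrides value="Switch.SomeOtherSwitch=true; Switch.System.Windows.Media.HostVisual.DisconnectsOnWrongThread=true"/>
  </runtime>
</configuration>"""

# Constructed sample: the legacy UPN credential splitting has been re-enabled.
SAMPLE_LEGACY_UPN = """<?xml version="1.0" encoding="utf-8" ?>
<configuration>
  <appSettings>
    <add key="wcf:enableLegacyUpnUsernameFix" value="true"/>
  </appSettings>
</configuration>"""

if __name__ == "__main__":
    for label, text in (("workaround", SAMPLE_WITH_WORKAROUND), ("legacy UPN", SAMPLE_LEGACY_UPN)):
        print(label, audit_config(text))
```

The same check applies to the machine-wide registry workaround, which this sketch does not read.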
How to get this update
Install this update
Windows Update and Microsoft Update
None. This update will be downloaded and installed automatically from Windows Update.
Microsoft Update Catalog
To get the standalone package for this update, go to the Microsoft Update Catalog website.
Windows Server Update Services (WSUS)
This update will automatically sync with WSUS if you configure Products and Classifications as follows:
Product: Windows 10 Version 1709
Classification: Security Updates
For a list of the files that are provided in this update, download the file information for cumulative update.