CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence
High
EPSS
Percentile
58.1%
Release Date:
February 9, 2021Version: .NET Framework 4.8
Security ImprovementsThis security update addresses a denial of service vulnerability in .NET Framework. For more information please see CVE-2021-24111.Quality ImprovementsASP.NET | - Addresses an issue where after installing the update released on October 20th, some ASP.Net applications fail during precompilation โ likely with a message that contains the words โError ASPCONFIG.โ |
---|---|
WPF1 | - Addresses a hang when scrolling to the end of a TreeView, when layout rounding is enabled and DPI scaling is not 100%. |
CLR | - Improves the reliability of automatic Native Image generation task. |
1 Windows Presentation Foundation (WPF) |
Symptom| After installing this update, WPF apps may crash with a callstack similar to`
Exception Info: System.NullReferenceException at System.Windows.Interop.HwndMouseInputProvider.HasCustomChrome(System.Windows.Interop.HwndSource, RECT ByRef)
at System.Windows.Interop.HwndMouseInputProvider.GetEffectiveClientRect(IntPtr)
at System.Windows.Interop.HwndMouseInputProvider.PossiblyDeactivate(IntPtr, Boolean)
at System.Windows.Interop.HwndMouseInputProvider.Dispose()
This occurs when disposing an HwndSource whose RootVisual is null, a situation that arises in Visual Studio when docking or splitting windows, and could arise in other apps. ---|--- **Workaround**| To work around this problem, set two AppContext switches using one of the methods described in [AppContext Class (System)](<https://docs.microsoft.com/en-us/dotnet/api/system.appcontext?view=netcore-3.1#remarks>) under the heading โAppContext for library consumersโ. The switches are named**Switch.System.Windows.Interop.MouseInput.OptOutOfMoveToChromedWindowFix**and**Switch.System.Windows.Interop.MouseInput.DoNotOptOutOfMoveToChromedWindowFix** and both should be set to โtrueโ. The first switch avoids the crash, but re-introduces the bug fixed in the KBs. The second switch is currently ignored, but will be recognized in a future .NET update that contains a fix for the null-reference crash; it restores the original bug fix.For example, using the app.config file method to apply the workaround at application scope:
<AppContextSwitchOverrides value="Switch.System.Windows.Interop.MouseInput.OptOutOfMoveToChromedWindowFix=true; Switch.System.Windows.Interop.MouseInput.DoNotOptOutOfMoveToChromedWindowFix=true " />
`
Install this update****Release Channel | Available | Next Step |
---|---|---|
Windows Update and Microsoft Update | Yes | None. This update will be downloaded and installed automatically from Windows Update. |
Microsoft Update Catalog | Yes | To get the standalone package for this update, go to the Microsoft Update Catalog website. |
Windows Server Update Services (WSUS) | Yes | This update will automatically sync with WSUS if you configure Products and Classifications as follows:Product: Windows 10 Version 1703Classification: Security Updates File informationFor a list of the files that are provided in this update, download the file information for cumulative update. |
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence
High
EPSS
Percentile
58.1%