Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
mskbMicrosoftKB4601056
HistoryFeb 09, 2021 - 8:00 a.m.

February 9, 2021-KB4601056 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 10, version 1909, and Windows Server, version 1909

2021-02-0908:00:00
Microsoft
support.microsoft.com
44
security update
denial of service
.net framework

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.5

Confidence

High

EPSS

0.002

Percentile

58.1%

JSON

February 9, 2021-KB4601056 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 10, version 1909, and Windows Server, version 1909

Release Date:
February 9, 2021Version: .NET Framework 3.5 and 4.8

Summary

This security update addresses a denial of service vulnerability in .NET Framework. For more information please see CVE-2021-24111.

Known issues in this update

Symptom| After installing this update, WPF apps may crash with a callstack similar to`

Exception Info: System.NullReferenceException at System.Windows.Interop.HwndMouseInputProvider.HasCustomChrome(System.Windows.Interop.HwndSource, RECT ByRef)
at System.Windows.Interop.HwndMouseInputProvider.GetEffectiveClientRect(IntPtr)
at System.Windows.Interop.HwndMouseInputProvider.PossiblyDeactivate(IntPtr, Boolean)
at System.Windows.Interop.HwndMouseInputProvider.Dispose()

`This occurs when disposing an HwndSource whose RootVisual is null, a situation that arises in Visual Studio when docking or splitting windows, and could arise in other apps.
—|—
Workaround| This issue is resolved in KB4601556.

How to get this update

Install this update****Release Channel Available Next Step
Windows Update and Microsoft Update Yes None. This update will be downloaded and installed automatically from Windows Update.
Microsoft Update Catalog Yes To get the standalone package for this update, go to the Microsoft Update Catalog website.
Windows Server Update Services (WSUS) Yes This update will automatically sync with WSUS if you configure Products and Classifications as follows:Product: Windows 10, version 1909, and Windows Server, version 1909Classification: Security Updates File informationFor a list of the files that are provided in this update, download the file information for cumulative update.

Information about protection and security

Related

nessus 3
nvd 1
mskb 15
openvas 8
cve 1
redhatcve 1
mscve 1
cvelist 1
prion 1
kaspersky 1
rapid7blog 1
nessus
nessus
Security Updates for Microsoft .NET Framework (February 2021)
2022-12-05 00:00:00
KB4601318: Windows 10 Version 1607 and Windows Server 2016 February 2021 Security Update
2021-02-09 00:00:00
KB4601354: Windows 10 Version 1803 February 2021 Security Update
2021-02-09 00:00:00
nvd
nvd
CVE-2021-24111
2021-02-25 23:15:16
mskb
mskb
February 9, 2021-KB4601052 Cumulative Update for .NET Framework 4.8 for Windows 10 Version 1703
2000-01-01 00:00:00
Security Only Update for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows 7 SP1 and Windows Server 2008 R2 SP1 (KB4602958)
2021-02-09 08:00:00
February 9, 2021-KB4601887 Cumulative Update for .NET Framework 3.5, 4.7.2 and 4.8 for Windows 10, version 1809 and Windows Server, version 2019
2021-02-09 08:00:00
openvas
openvas
Microsoft .NET Framework Denial of Service Vulnerability (KB4601887)
2021-02-10 00:00:00
Microsoft .NET Framework Denial of Service Vulnerability (KB4603004)
2021-02-10 00:00:00
Microsoft .NET Framework Denial of Service Vulnerability (KB4601056)
2021-02-10 00:00:00
cve
cve
CVE-2021-24111
2021-02-25 23:15:16
redhatcve
redhatcve
CVE-2021-24111
2021-03-01 16:03:32
mscve
mscve
.NET Framework Denial of Service Vulnerability
2021-02-09 08:00:00
cvelist
cvelist
CVE-2021-24111 .NET Framework Denial of Service Vulnerability
2021-02-25 23:01:57
prion
prion
Denial of service
2021-02-25 23:15:00
kaspersky
kaspersky
KLA12073 Multiple vulnerabilities in Microsoft Developer Tools
2021-02-09 00:00:00
rapid7blog
rapid7blog
Patch Tuesday - February 2021
2021-02-09 23:51:27

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.5

Confidence

High

EPSS

0.002

Percentile

58.1%

JSON
Related for KB4601056
nessus3nvd1mskb15openvas8cve1redhatcve1mscve1cvelist1prion1kaspersky1rapid7blog1