CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence
High
EPSS
Percentile
47.2%
Release Date:
April 12, 2022 Version: ** .NET Framework 3.5 and 4.8**
Security Improvements This security update addresses an issue where an unauthenticated attacker could cause a denial of service on an affected system. For more information please see CVE-2022-26832.** Quality and reliability improvements** Winforms | - Addresses a leak of IRawElementProviderSimple objects which was introduced in .NET Framework 4.8. This is an opt-in fix, add the following compatibility switch to the app.config file in order to dispose the accessible objects: <runtime>
<!-- AppContextSwitchOverrides values are in the form of 'key1=true|false;key2=true|false â>
<AppContextSwitchOverrides value=âSwitch.System.Windows.Forms.DisconnectUiaProvidersOnWmDestroy=trueâ/>
</runtime> Note: that when the accessibility server application opts into this fix, the accessibility client will receive errors when accessing the disconnected provider. This is expected because the corresponding control window is destroyed. Previous behavior where the provider was returning information for destroyed controls was incorrect.
â|â
NET Libraries | - Addresses an issue when Ssl negotiation can hang indefinitely when client certificates are used when TLS 1.3 is negotiated. Before the change renegotiation (PostHandshakeAuthentiction) would fail and SslStream or HttpWebRequest would observe a timeout.
Microsoft is not currently aware of any issues in this update.
Install this update****Release Channel | Available | Next Step |
---|---|---|
Windows Update and Microsoft Update | Yes | None. This update will be downloaded and installed automatically from Windows Update. |
Windows Update for Business | Yes | None. This update will be downloaded and installed automatically from Windows Update. |
Microsoft Update Catalog | Yes | To get the standalone package for this update, go to the Microsoft Update Catalog website. |
Windows Server Update Services (WSUS) | Yes | This update will automatically sync with WSUS if you configure Products and Classifications as follows:Product: Microsoft server operating system version 21H2Classification: Security Updates File information For a list of the files that are provided in this update, download the file information for cumulative update. |
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence
High
EPSS
Percentile
47.2%