Applies To.NET

Release Date:April 12, 2022

Version:.NET Framework 3.5 and 4.8

Summary

Security Improvements

This security update addresses an issue where an unauthenticated attacker could cause a denial of service on an affected system. For more information please see CVE-2022-26832.

Quality and reliability improvements

Winforms

- Addresses a leak of IRawElementProviderSimple objects which was introduced in .NET Framework 4.8. This is an opt-in fix, add the following compatibility switch to the app.config file in order to dispose the accessible objects:

<runtime>               <!-- AppContextSwitchOverrides values are in the form of 'key1=true|false;key2=true|false  -->               <AppContextSwitchOverrides value="Switch.System.Windows.Forms.DisconnectUiaProvidersOnWmDestroy=true"/>        </runtime>

Note: that when the accessibility server application opts into this fix, the accessibility client will receive errors when accessing the disconnected provider. This is expected because the corresponding control window is destroyed. Previous behavior where the provider was returning information for destroyed controls was incorrect.

NET Libraries

- Addresses an issue when Ssl negotiation can hang indefinitely when client certificates are used when TLS 1.3 is negotiated. Before the change renegotiation (PostHandshakeAuthentiction) would fail and SslStream or HttpWebRequest would observe a timeout.

Known issues in this update

Microsoft is not currently aware of any issues in this update.

How to get this update

Install this update

Release Channel

Available

Next Step

Windows Update and Microsoft Update

Yes

None. This update will be downloaded and installed automatically from Windows Update.

Windows Update for Business

Yes

None. This update will be downloaded and installed automatically from Windows Update.

Microsoft Update Catalog

Yes

To get the standalone package for this update, go to the Microsoft Update Catalog website.

Windows Server Update Services (WSUS)

Yes

This update will automatically sync with WSUS if you configure Products and Classifications as follows:

Product: Windows 10, version 20H2, Windows Server, version 20H2, Windows 10 Version 21H1, and Windows 10 Version 21H2

Classification: Security Updates

File information

For a list of the files that are provided in this update, download the file information for cumulative update.

Information about protection and security

Need more help?

Want more options?

Explore subscription benefits, browse training courses, learn how to secure your device, and more.

Communities help you ask and answer questions, give feedback, and hear from experts with rich knowledge.