Release Date:June 22, 2022

[07/04/2023] revised to include missing versions for Windows 10, version 1607 and 1507

[07/24/2023] revised to add release details for July 11, 2023 Security and Quality Rollup resolution

Summary

This article provides help to mitigate an issue when after installing the June 13, 2023, updates for .NET Framework and .NET, users may experience issues with how .NET Framework runtime imports X.509 Certificates.

Symptom

When using the X509Certificate, X509Certificate2, or X509Certificate2Collection class to import a PKCS#12 blob containing a private key, the calling application may observe the below exception.

  • System.Security.Cryptography.CryptographicException: PKCS12 (PFX) without a supplied password has exceeded maximum allowed iterations. See https://go.microsoft.com/fwlink/?linkid=2233907 for more information.

This failure affects PKCS#12 blobs which have been exported [e.g., via X509Certificate.Export(X509ContentType.Pfx)] without a password. The failure may occur non-deterministically.

Workaround

Microsoft has released updated installers for .NET Framework and .NET to address this issue. These installers can be applied to the affected machine regardless of whether the machine has already applied the original June 13, 2023, .NET Framework and .NET security updates.

Important: 

  • If you previously used the registry switches documented at KB5025823 Change in how .NET applications import X.509 certificates to work around this issue, please remove those registry switches before installing the new patch. Run the two commands below from an elevated command prompt to remove the registry switches.

  • reg delete "HKLM\Software\Microsoft\.NETFramework" /v Pkcs12UnspecifiedPasswordIterationLimit /reg:32

  • reg delete "HKLM\Software\Microsoft\.NETFramework" /v Pkcs12UnspecifiedPasswordIterationLimit /reg:64

Resolution

This issue was addressed in out-of-band updates released June 22, 2023, for .NET Framework 4.6.2 and newer versions for Windows and Windows Server versions affected by this issue. To get the standalone package for these out-of-band updates, search for the KB number in the Microsoft Update Catalog. You can manually import these updates into Windows Server Update Services (WSUS) and Microsoft Endpoint Configuration Manager. For WSUS instructions, see WSUS and the Catalog Site. For Configuration Manger instructions, see Import updates from the Microsoft Update Catalog.

If you used any workaround or mitigations for this issue, they are no longer needed, and we recommend you remove them. To remove workaround review the workaround or alternative workaround which was applied for instructions.

Product Version

Update

Windows 11, version 22H2

.NET Framework 4.8.1

Catalog

5028576

Windows 11, version 21H2

.NET Framework 4.8

Catalog

5028582

.NET Framework 4.8.1

Catalog

5028575

Windows Server 2022

.NET Framework 4.8

Catalog

5028584

.NET Framework 4.8.1

Catalog

5028578

Azure Stack HCI, version 22H2

.NET Framework 4.8

Catalog

5028584

Azure Stack HCI, version 21H2

.NET Framework 4.8

Catalog

5028584

Windows 10 Version 22H2

.NET Framework 4.8

Catalog

5028579

.NET Framework 4.8.1

Catalog

5028574

Windows 10 Version 21H2

.NET Framework 4.8

Catalog

5028579

.NET Framework 4.8.1

Catalog

5028574

Windows 10 1809 (October 2018 Update) and Windows Server 2019

.NET Framework 4.7.2

Catalog

5028588

.NET Framework 4.8

Catalog

5028581

Windows 10 1607 (Anniversary Update) and Windows Server 2016

.NET Framework 4.6.2, 4.7, 4.7.1, 4.7.2

Catalog

5028623

.NET Framework 4.8

Catalog

5028580

Windows 10 1507

.NET Framework 4.6, 4.6.2

Catalog

5028622

Windows Embedded 8.1 and Windows Server 2012 R2

.NET Framework 4.6.2, 4.7, 4.7.1, 4.7.2

Catalog

5028590

.NET Framework 4.8

Catalog

5028585

Windows Embedded 8 and Windows Server 2012

.NET Framework 4.6.2, 4.7, 4.7.1, 4.7.2

Catalog

5028589

.NET Framework 4.8

Catalog

5028583

Windows Embedded 7 Standard and Windows Server 2008 R2 SP1

.NET Framework 4.6.2, 4.7, 4.7.1, 4.7.2

Catalog

5028591

.NET Framework 4.8

Catalog

5028586

all supported Windows versions

.NET 6.0.19

Catalog

5028613

.NET 7.0.8

Catalog

5028614

This issue was addressed in regular cumulative rollup released July 11, 2023, for all supported .NET Framework versions for Windows and Windows Server versions affected by this issue.  The Security and Quality Rollup is available via Windows Update, Windows Server Update Services, and Microsoft Update Catalog.   

Note: Customers that rely on Windows Update and Windows Server Update Services will automatically receive the .NET Framework version-specific updates. Advanced system administrators can also take use of the below direct Microsoft Update Catalog download links to .NET Framework-specific updates. Before applying these updates, please ensure that you carefully review the .NET Framework version applicability, to ensure that you only install updates on systems where they apply.

If you used any workaround or mitigations for this issue, they are no longer needed, and we recommend you remove them. To remove workaround review the workaround or alternative workaround which was applied for instructions.

Product Version

Update

Windows 11, version 22H2

.NET Framework 3.5, 4.8.1

Catalog

5028851

Windows 11, version 21H2

.NET Framework 3.5, 4.8

Catalog

5028856

.NET Framework 3.5, 4.8.1

Catalog

5028850

Windows Server 2022

.NET Framework 3.5, 4.8

Catalog

5028858

.NET Framework 3.5, 4.8.1

Catalog

5028852

Azure Stack HCI, version 22H2

5028935

.NET Framework 3.5, 4.8

Catalog

5028858

Azure Stack HCI, version 21H2

5028943

.NET Framework 3.5, 4.8

Catalog

5028858

Windows 10 Version 22H2

5028937

.NET Framework 3.5, 4.8

Catalog

5028853

.NET Framework 3.5, 4.8.1

Catalog

5028849

Windows 10 Version 21H2

5028944

.NET Framework 3.5, 4.8

Catalog

5028853

.NET Framework 3.5, 4.8.1

Catalog

5028849

Windows 10 1809 (October 2018 Update) and Windows Server 2019

5028936

.NET Framework 3.5, 4.7.2

Catalog

5028862

.NET Framework 3.5, 4.8

Catalog

5028855

Windows 10 1607 (Anniversary Update) and Windows Server 2016

.NET Framework 3.5, 4.6.2, 4.7, 4.7.1, 4.7.2

Catalog

5028169

.NET Framework 4.8

Catalog

5028854

Windows 10 1507

.NET Framework 3.5, 4.6, 4.6.2

Catalog

5028186

Windows Embedded 8.1 and Windows Server 2012 R2

5028941

.NET Framework 3.5

Catalog

5028872

.NET Framework 4.6.2, 4.7, 4.7.1, 4.7.2

Catalog

5028864

.NET Framework 4.8

Catalog

5028859

Windows Embedded 8 and Windows Server 2012

5028940

.NET Framework 3.5

Catalog

5028869

.NET Framework 4.6.2, 4.7, 4.7.1, 4.7.2

Catalog

5028863

.NET Framework 4.8

Catalog

5028857

Windows Embedded 7 Standard and Windows Server 2008 R2 SP1

5028939

.NET Framework 3.5.1

Catalog

5028871

.NET Framework 4.6.2, 4.7, 4.7.1, 4.7.2

Catalog

5028865

.NET Framework 4.8

Catalog

5028860

Windows Server 2008 SP2

5028942

.NET Framework 2.0, 3.0

Catalog

5028870

.NET Framework 4.6.2

Catalog

5028865

Affected updates

The following .NET Framework and .NET versions are affected:

  • .NET Framework 4.6.2, 4.7, 4.7.1, 4.7.2, when the June 13, 2022, security update is installed.

  • .NET Framework 4.8, when the June 13, 2022, security update is installed.

  • .NET Framework 4.8.1, when the June 13, 2022, security update is installed.

  • .NET 6.0.18.

  • .NET 7.0.7.

Frequently Asked Questions (FAQs)

When was this change introduced?

This change in behavior was introduced in the June 13, 2022, security updates for .NET and .NET Framework.

Is it necessary for me to install this new update?

Installing this new update is necessary only if your application is experiencing the issue described in the "Symptom" heading at the top of this article. If you are not experiencing this issue, there is no need for you to install this update.

Does this new update replace the June 13, 2023, .NET Framework update?

No. If you are using .NET Framework, you should first install the June 13, 2023 rollup or security-only updates before installing the new June 22, 2023 update.

Does this new update replace .NET 6.0.18 or .NET 7.0.7?

Yes. As part of this update, we are also releasing .NET 6.0.19 and .NET 7.0.8, both of which can be downloaded from https://get.dot.net/. These releases are intended to replace .NET 6.0.18 and .NET 7.0.7, which were released on June 13, 2023.

The only difference between .NET 6.0.19 / 7.0.8 and .NET 6.0.18 / 7.0.7 is the compatibility fix mentioned above. .NET 6.0.19 / 7.0.8 do not carry any additional security fixes beyond what was already published in .NET 6.0.18 / 7.0.7.

Information about protection and security

Precisa de mais ajuda?

Quer mais opções

Explore subscription benefits, browse training courses, learn how to secure your device, and more.

Communities help you ask and answer questions, give feedback, and hear from experts with rich knowledge.