Release Date:
August 11, 2020
Version:
.NET Framework 3.5 and 4.8
Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.
View products that this article applies to.
An elevation of privilege vulnerability exists when ASP.NET or .NET Framework web applications running on IIS improperly allow access to cached files. An attacker who successfully exploited this vulnerability could gain access to restricted files. To exploit this vulnerability, an attacker would need to send a specially crafted request to an affected server. The update addresses the vulnerability by changing how ASP.NET and .NET Framework handle requests.
To learn more about the vulnerabilities, go to the following Common Vulnerabilities and Exposures (CVE).
A remote code execution vulnerability exists when Microsoft .NET Framework processes input. An attacker who successfully exploited this vulnerability could take control of an affected system. To exploit the vulnerability, an attacker would need to be able to upload a specially crafted file to a web application. The security update addresses the vulnerability by correcting how .NET Framework processes input.
For more information go to: https://go.microsoft.com/fwlink/?linkid=2138023
To learn more about the vulnerabilities, go to the following Common Vulnerabilities and Exposures (CVE).
Windows Presentation Framework (WPF) applications that use two or more HostVisual elements belonging to a common thread, where both HostVisual elements are asked to disconnect from their visual target at roughly the same time, mail fail with the following error:
Exception type: System.COMException
Message: UCEERR_RENDERTHREADFAILURE (HRESULT 0x88980406)
Callstack: top frame is System.Windows.Media.Composition.DUCE+Channel.SyncFlush()
Workarounds
You can disable the problematic fix by setting the AppContext switch “Switch.System.Windows.Media.HostVisual.DisconnectsOnWrongThread” to true, using one of the methods described here. This exposes your app to the original bug, so you should remove the switch once a fix is published through an upcoming update.
Workaround 1
• Add the following entry to the app.config file to disable the problematic fix in a single application.
<runtime>
<AppContextSwitchOverrides value="Switch.System.Windows.Media.HostVisual.DisconnectsOnWrongThread=true"/>
</runtime>
Note that if your application configuration already has an entry for <AppContextSwitchOverrides>, you need to add the new setting within that entry, separated from other switches by a semicolon:
<AppContextSwitchOverrides value="Switch.SomeOtherSwitch=true; Switch.System.Windows.Media.HostVisual.DisconnectsOnWrongThread=true"/>
Workaround 2
• Apply the following registry subkey to disable the problematic fix for all WPF applications on the machine.
Warning
Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall the operating system. Microsoft can't guarantee that these problems can be solved. Modify the registry at your own risk.
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\AppContext\
Name: Switch.System.Media.HostVisual.DisconnectsOnWrongThread
Type: String
Value: true
Note that on 64-bit operating systems, you also need to apply a registry subkey with the same name, type, and value at the location: HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\.NETFramework\AppContext\
Resolution
We are working on a resolution and will provide an update in an upcoming release.
Install this update
Release Channel | Available | Next Step |
Windows Update and Microsoft Update | Yes | None. This update will be downloaded and installed automatically from Windows Update. |
Microsoft Update Catalog | Yes | To get the standalone package for this update, go to the Microsoft Update Catalog website. |
Windows Server Update Services (WSUS) | Yes | This update will automatically sync with WSUS if you configure Products and Classifications as follows: Product:Windows 10 Version 1903 and Windows Server 1903 RTM and Windows 10, version 1909 and Windows Server, version 1909 Classification: Security Updates |
File information
For a list of the files that are provided in this update, download the file information for cumulative update .
Keywords: Vulnerabilities/exploits/security bulletins, kbContentAuto, kbSupportTopic, atdownload, kbbug, kbexpertiseinter, kblangall, kbmustloc, kbsecbulletin, kbsecreview, kbsecurity, kbsecvulnerability, kbsurveynew, kb, kbfix