Applies To.NET

Release Date:January 11, 2022

Version: .NET Framework 4.8

Summary

Security Improvements

This security update addresses an issue where an unauthenticated attacker could cause a denial of service on an affected system. For more information please see CVE-2022-21911.

Quality and reliability improvements

WPF1

- Addresses an issue where WPF does not respond to touch if the WPF window was activated by a touch manipulation (e.g. swiping a listbox).

- Adds a mitigation for an issue involving tearing, flickering, or incorrect composition of visual content under high GPU-load conditions.

- Addresses an issue where the extra information associated with a WM_KEYDOWN message is discarded before the handlers for the PreviewKeyDown or KeyDown events can retrieve it via GetMessageExtraInfo.

- Addresses an issue where AutomationElement.FindFirst or FindAll do not search the subtree of an hwnd whose UIA_WindowVisibilityOverridden property is set to 1.

- Addresses an issue where a binding on TextBox.Text with UpdateSourceTrigger=PropertyChanged produces incorrect results when the Microsoft Quick IME is used.

SQL Connectivity

- Under certain error cases caused due to NullReferenceException thrown while populating SqlParameter values using customer provided delegates, the SqlClient driver may not cleanup the state of connection state. The connection in bad state, can make its way into the connection pool and may be picked up for reuse causing unexpected failures on the connection. If such a condition is recognized, an AppContext Switch “Switch.System.Data.SqlClient.CleanupParserOnAllFailures”, may be enabled to clean up connections on any kind of failures even while running into errors with delegates.

WCF2

- Addresses a failure to correctly timeout a failed request when making an asynchronous WCF call over HTTP. If the service has sent a partial response message and fails to send the remainder of the response, the client may not fail the call after the configured timeout.

1 Windows Presentation Foundation (WPF)2 Windows Communication Foundation (WCF)

Known issues in this update

Microsoft is not currently aware of any issues in this update.

How to get this update

Install this update

Release Channel

Available

Next Step

Windows Update and Microsoft Update

Yes

None. This update will be downloaded and installed automatically from Windows Update.

Windows Update for Business

Yes

None. This update will be downloaded and installed automatically from Windows Update.

Microsoft Update Catalog

Yes

To get the standalone package for this update, go to the Microsoft Update Catalog website.

Windows Server Update Services (WSUS)

Yes

This update will automatically sync with WSUS if you configure Products and Classifications as follows:

Product: Windows 10, version 1607 and Windows Server, version 2016

Classification: Security Updates

File information

For a list of the files that are provided in this update, download the file information for cumulative update.

Information about protection and security

Need more help?

Want more options?

Explore subscription benefits, browse training courses, learn how to secure your device, and more.

Communities help you ask and answer questions, give feedback, and hear from experts with rich knowledge.