[German]On October 2020 Microsoft has re-released a whole bunch of .NET framework updates that were already released in July 2020. Since some users mentioned old .NET Framework updates within comments, here’s a short summary of what’s going on.
I came across this topic at two different places. Once there was this comment in my German blog, triggering discussions about .NET Framework updates. And I had read a note from Woody Leonhard on Twitter about the re-release of the July 2020 .NET Framework Updates. He briefly picked up the topic here..
.NET-Framework Updates July 2020
In July 2020, Microsoft updated the vulnerability CVE-2020-1147 in .NET Framework, SharePoint Server and Visual Studio. This is a remote code execution (RCE) vulnerability that allows attackers to execute arbitrary code through a crafted file. The vulnerability is due to a lack of validation of read XML markups. The July 2020 updates listed in the linked Microsoft article close this vulnerability.
Bug requires re-release
In the blog post .NET Framework republishing of July 2020 Security Only Updates, Microsoft pointed out in the developer blog on October 13, 2020 that the .NET Framework updates of July 2020 had to be republished due to a bug. With installed .NET Framework updates of July 2020, a TypeInitializationException exception could occur for some .NET based applications. This happened when you tried to deserialize XML data from a System.Data.DataSet or System.Data.DataTable instance within an SQL CLR stored procedure. This triggered an error message with the following stack dump:
System.TypeInitializationException: The type initializer for ‘Scope’ threw an exception.
—> System.IO.FileNotFoundException: Could not load file or assembly
‘System.Drawing, Version=220.127.116.11, Culture=neutral,
PublicKeyToken=b03f5f7f11d50a3a’ or one of its dependencies. The system cannot
find the file specified. at
System.Data.TypeLimiter.Scope.IsTypeUnconditionallyAllowed(Type type) at
System.Data.TypeLimiter.Scope.IsAllowedType(Type type) at
Microsoft then revised all affected .NET Framework updates from July 2020 and released them again in October 2020. The updates are distributed via Windows Update, but are also available for download in the Microsoft Update Catalog.
These updates are available
PKCano has compiled the list of updates at Askwoody in this comment. Please note that both rollups and security-only updates appear. In this comment, Bolko gives an overview of the obsolete updates (thanks) here in my German blog. And Microsoft also lists in its blog post the KBs and catalog addresses for the revisions for older Windows versions.