Windows 11 version 22H2 received a new patch for .NET Framework 4.8.1 and 3.5 on 13/06/2023 as part of scheduled maintenance and reliability improvements. KB5027119 is the release that contains fixes for the vulnerabilities CVE-2023-24897, CVE-2023-29326, CVE-2023-24895, CVE-2023-24936, CVE-2023-29331, and CVE-2023-29330.
The full name of this update is “2023-06 Cumulative Update for .NET Framework 3.5 and 4.8.1 for Windows 11, version 22H2 for x64 (KB5027119)”. See: Windows 11 KB5022497 .NET Framework 4.8.1 and 3.5 22H2 Rolled out. Let’s have a look at the changes in this release:
KB5027119 .NET Framework 4.8.1 and 3.5 for Windows 11 22H2
Here is the changelog –
Improvements and bug fixes
CVE-2023-24897: .NET Framework Remote Code Execution Vulnerability
This security update focuses on resolving a vulnerability found in the MSDIA SDK. The vulnerability involves corrupted PDBs that can trigger a heap overflow, potentially resulting in a crash or enabling remote code execution. Further details can be found in the CVE-2023-24897 advisory.
CVE-2023-29326: .NET Framework Remote Code Execution Vulnerability
This security update aims to fix a vulnerability present in WPF (Windows Presentation Foundation). The vulnerability arises from the BAML (Binary Application Markup Language), which provides alternative means to instantiate types, consequently creating a risk of privilege escalation. For additional details, please refer to the CVE-2023-29326 advisory.
CVE-2023-24895: .NET Framework Remote Code Execution Vulnerability
This security update resolves a vulnerability found in the WPF (Windows Presentation Foundation) XAML parser. The vulnerability involves an unsandboxed parser that could potentially result in remote code execution. For more details, please refer to the CVE-2023-24895 advisory.
CVE-2023-24936: .NET Framework Elevation of Privilege Vulnerability
This security update focuses on fixing a vulnerability related to bypassing restrictions during the deserialization of a DataSet or DataTable from XML. Exploiting this vulnerability could potentially result in an elevation of privilege. For further information, please consult the CVE-2023-24936 advisory.
CVE-2023-29331: .NET Framework Denial of Service Vulnerability
This security update resolves a vulnerability in the AIA (Authority Information Access) fetching process for client certificates. The vulnerability can be exploited to cause a denial-of-service condition. For additional details, please refer to the CVE-2023-29331 advisory.
CVE-2023-29330: .NET Framework Denial of Service Vulnerability
This security update resolves a vulnerability related to X509Certificate2 file handling, which can potentially lead to a denial-of-service situation. To learn more about this vulnerability, please refer to the CVE-2023-32030 advisory.
Known issues
Symptom
Upon installing this update, it is important to note that there might be a change in behavior for WPF (Windows Presentation Foundation) apps. For detailed information regarding this matter, please refer to the KB5025823 article.
Workaround
To mitigate this issue, navigate to KB5025823.
How to download KB5027119 and install on Windows 11 22H2
You can download KB5027119 and install using 2 methods:
1] Using Automatic Windows Update
- Press Windows and I keys on the keyboard.
- Select Windows Update from the left pane of Settings.
- Go to the right side.
- Click on Check for updates.
- Wait for the download of the patch to complete and select – Restart now.
2] Through Microsoft Update Catalog
- Go to the KB5027119 direct download link – Microsoft Update Catalog.
- Locate the appropriate file for your device and click on Download.
- Click on the link to the Standalone file and allow the downloading to complete.
- Then go to the folder and double-click on
windows11.0-kb5027119-x64-ndp481_604c0d1f3bd95ee4e06048ca115ffefac024d77a.msu
or
windows11.0-kb5027119-arm64-ndp481_23b07f3c24fee0cbf16241850574d9f01fe9f4b3.msu
- Click Yes when the confirmation prompt appears.
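Before double-clicking a package downloaded by the second method, it is worth confirming that the file is intact and Microsoft-signed. The PowerShell below is an added example, not part of the release note: the function name Test-CatalogPackage is hypothetical, and it assumes the 40-character hex suffix in the catalog file name is the SHA-1 digest of the file, which is the usual Microsoft Update Catalog naming convention.

```powershell
# Added example (not from the release note): verify a Microsoft Update Catalog
# .msu before installing it. Test-CatalogPackage is a hypothetical helper name.
function Test-CatalogPackage {
    param(
        [Parameter(Mandatory)]
        [string]$Path
    )

    $file = Get-Item -LiteralPath $Path -ErrorAction Stop

    # 1. Pull the digest out of the file name (hex run after the last underscore).
    #    Assumption: this suffix is the SHA-1 of the package.
    if ($file.BaseName -notmatch '_(?<sha1>[0-9a-fA-F]{40})$') {
        throw "No 40-character hex digest found in '$($file.Name)'."
    }
    $expected = $Matches['sha1'].ToUpperInvariant()

    # 2. Hash the file on disk and compare with the digest from the name.
    #    A mismatch means a truncated, corrupted or substituted download.
    $actual = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA1).Hash
    if ($actual -ne $expected) {
        throw "SHA-1 mismatch for '$($file.Name)': expected $expected, got $actual."
    }

    # 3. SHA-1 in a file name only detects accidental damage; the Authenticode
    #    signature is the real trust check. Require a valid chain and a
    #    Microsoft signer (the subject match is an assumption about the cert).
    $sig = Get-AuthenticodeSignature -LiteralPath $file.FullName
    if ($sig.Status -ne 'Valid') {
        throw "Signature status is '$($sig.Status)' for '$($file.Name)'."
    }
    if ($sig.SignerCertificate.Subject -notmatch 'O=Microsoft Corporation') {
        throw "Unexpected signer: $($sig.SignerCertificate.Subject)"
    }

    [pscustomobject]@{
        File     = $file.Name
        Sha1     = $actual
        Signer   = $sig.SignerCertificate.Subject
        Verified = $true
    }
}

# Check any KB5027119 packages in the current folder (x64 or arm64).
Get-ChildItem -Filter 'windows11.0-kb5027119-*.msu' |
    ForEach-Object { Test-CatalogPackage -Path $_.FullName }
```

Run it from the download folder; a package that throws at any step should be deleted and downloaded again from the Microsoft Update Catalog rather than installed.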
Source: Release note.
That’s all!!