  • Microsoft: Patch Tuesday broke .NET on Windows 11/10, these OOB updates resolved the issues


    Karlston


    Microsoft released Patch Tuesday updates on Windows 10 (KB5027215, among others), and Windows 11 (KB5027231) on June 13, which was the second Tuesday of the month. The update addressed security issues, among other bugs. Aside from OS security, Patch Tuesday also fixed security issues in Office 2013 and 2016, for both 32-bit and 64-bit versions. The company also announced the arrival of a full-screen notice about Windows Hello that will now be displayed on both Windows 11 as well as Windows 10.

     

    And as is often the case, there are major bugs affecting it as well. On Windows 11, Patch Tuesday was causing Malwarebytes to go a bit haywire and block Google Chrome. Meanwhile, users reported that Windows 10 updates were having installation issues.

     

    Microsoft has now also patched an issue in which the .NET Framework runtime update of June 13 affected imports of X.509 certificates. Unlike before, the additional validation could now lead to a CryptographicException error.

     

    Description of change

     

    Prior to the June 13, 2023, change, when .NET Framework and .NET is presented with a binary certificate blob for import, .NET Framework and .NET would typically delegate validation and import of the blob to the underlying OS. For example, on Windows, .NET Framework and .NET would typically rely on the PFXImportCertStore API for validation and import.

     

    As of the June 13, 2023, change, when .NET Framework and .NET is presented with a binary certificate blob for import, .NET Framework and .NET will in some circumstances perform additional validation before handing the blob to the underlying OS. This additional validation performs a series of heuristic checks to determine if the incoming certificate would maliciously exhaust resources upon import. Since this is additional validation beyond what the underlying OS would normally perform, it may block certificate blobs which would have successfully imported prior to the June 13, 2023, change.

     

    Microsoft has also detailed the symptoms of the issue:

     

    Symptom

     

    When using the X509Certificate, X509Certificate2, or X509Certificate2Collection class to import a PKCS#12 blob containing a private key, the calling application may observe the below exception.

     

    System.Security.Cryptography.CryptographicException: PKCS12 (PFX) without a supplied password has exceeded maximum allowed iterations.

     

    This failure affects PKCS#12 blobs which have been exported [e.g., via X509Certificate.Export(X509ContentType.Pfx)] without a password. The failure may occur non-deterministically.

     

    A workaround for the problem had been deployed on affected systems, though the company states that any registry changes made to work around the problem must be reverted:

     

    Workaround

     

    Microsoft has released updated installers for .NET Framework and .NET to address this issue. These installers can be applied to the affected machine regardless of whether the machine has already applied the original June 13, 2023, .NET Framework and .NET security updates.

     

    Important:

     

    If you previously used the registry switches documented at KB5025823 Change in how .NET applications import X.509 certificates to work around this issue, please remove those registry switches before installing the new patch. Run the two commands below from an elevated command prompt to remove the registry switches.

     

    reg delete "HKLM\Software\Microsoft\.NETFramework" /v Pkcs12UnspecifiedPasswordIterationLimit /reg:32

     

    reg delete "HKLM\Software\Microsoft\.NETFramework" /v Pkcs12UnspecifiedPasswordIterationLimit /reg:64
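
    The same cleanup as an added PowerShell example (not part of the article or of Microsoft's guidance): it reads the switch in both the 32-bit and 64-bit registry views, reports the value it finds, and deletes it. It assumes the code is saved as a .ps1 script and run from an elevated session; the key path and value name are taken from the two commands above.

```powershell
#Requires -RunAsAdministrator
# Added example: audit and remove the KB5025823 workaround switch before installing
# the out-of-band update. Run with -WhatIf to report without deleting anything.
[CmdletBinding(SupportsShouldProcess)]
param()

# Key path and value name as given in the article's reg delete commands.
$subKey    = 'Software\Microsoft\.NETFramework'
$valueName = 'Pkcs12UnspecifiedPasswordIterationLimit'

$views = [Microsoft.Win32.RegistryView]::Registry32,
         [Microsoft.Win32.RegistryView]::Registry64

$results = foreach ($view in $views) {
    # OpenBaseKey selects the registry view explicitly, so the result does not
    # depend on whether the script runs in 32-bit or 64-bit PowerShell.
    $base = [Microsoft.Win32.RegistryKey]::OpenBaseKey(
        [Microsoft.Win32.RegistryHive]::LocalMachine, $view)
    try {
        $key = $base.OpenSubKey($subKey, $true)   # $true = open writable
        if ($null -eq $key) {
            [pscustomobject]@{ View = $view; Present = $false; Value = $null; Removed = $false }
            continue
        }
        try {
            $value   = $key.GetValue($valueName, $null)
            $removed = $false
            if ($null -ne $value -and
                $PSCmdlet.ShouldProcess("HKLM\$subKey ($view)", "Delete $valueName")) {
                $key.DeleteValue($valueName, $false)   # $false = no error if already gone
                $removed = $true
            }
            [pscustomobject]@{
                View    = $view
                Present = ($null -ne $value)
                Value   = $value                      # keep for the change record
                Removed = $removed
            }
        }
        finally { $key.Dispose() }
    }
    finally { $base.Dispose() }
}

$results | Format-Table -AutoSize
```

    A row with Present = True and Removed = False after a normal run means the deletion was declined or previewed with -WhatIf, and the switch is still in place for that view.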

     

    These issues are addressed on Windows 10, Windows 11, and other products by the following out-of-band updates, which can be manually downloaded from the Microsoft Update Catalog website.

     

    | Product Version | .NET version | Update (Catalog) |
    |---|---|---|
    | Windows 11, version 22H2 | .NET Framework 4.8.1 | 5028576 |
    | Windows 11, version 21H2 | .NET Framework 4.8 | 5028582 |
    | Windows 11, version 21H2 | .NET Framework 4.8.1 | 5028575 |
    | Windows Server 2022 | .NET Framework 4.8 | 5028584 |
    | Windows Server 2022 | .NET Framework 4.8.1 | 5028578 |
    | Azure Stack HCI, version 22H2 | .NET Framework 4.8 | 5028584 |
    | Azure Stack HCI, version 21H2 | .NET Framework 4.8 | 5028584 |
    | Windows 10 Version 22H2 | .NET Framework 4.8 | 5028579 |
    | Windows 10 Version 22H2 | .NET Framework 4.8.1 | 5028574 |
    | Windows 10 Version 21H2 | .NET Framework 4.8 | 5028579 |
    | Windows 10 Version 21H2 | .NET Framework 4.8.1 | 5028574 |
    | Windows 10 1809 (October 2018 Update) and Windows Server 2019 | .NET Framework 4.7.2 | 5028588 |
    | Windows 10 1809 (October 2018 Update) and Windows Server 2019 | .NET Framework 4.8 | 5028581 |
    | Windows 10 1607 (Anniversary Update) and Windows Server 2016 | .NET Framework 4.8 | 5028580 |
    | Windows Embedded 8.1 and Windows Server 2012 R2 | .NET Framework 4.6.2, 4.7, 4.7.1, 4.7.2 | 5028590 |
    | Windows Embedded 8.1 and Windows Server 2012 R2 | .NET Framework 4.8 | 5028585 |
    | Windows Embedded 8 and Windows Server 2012 | .NET Framework 4.6.2, 4.7, 4.7.1, 4.7.2 | 5028589 |
    | Windows Embedded 8 and Windows Server 2012 | .NET Framework 4.8 | 5028583 |
    | Windows Embedded 7 Standard and Windows Server 2008 R2 SP1 | .NET Framework 4.6.2, 4.7, 4.7.1, 4.7.2 | 5028591 |
    | Windows Embedded 7 Standard and Windows Server 2008 R2 SP1 | .NET Framework 4.8 | 5028586 |
    | All supported Windows versions | .NET 6.0.19 | 5028613 |
    | All supported Windows versions | .NET 7.0.8 | 5028614 |

     

     

    You may find more details about the issue on Microsoft's official website on this page (KB5028608).

     

     

    Source

