Microsoft sweeps up after breaking .NET with December security updates

Microsoft this week rolled retired fixes to issues caused by information updates released successful December 2022 that botched really XPS documents are displayed successful various versions of .NET and .NET Framework.

Some users who installed nan information updates for those developer platforms saw problems pinch really Windows Presentation Foundation (WPF) applications rendered XPS documents. The out-of-band emergency fixes onshore aft Microsoft issued 2 different workarounds.

"XPS documents which utilize structural aliases semantic elements for illustration array structure, storyboards, aliases hyperlinks whitethorn not show correctly successful WPF-based readers," nan vendor wrote connected nan Window Health Dashboard page. "Additionally, immoderate inline images whitethorn not show correctly, aliases Null reference exceptions mightiness hap erstwhile XPS documents are loaded into WPF-based readers."

Microsoft listed nan 7 affected .NET versions successful nan dashboard notice.

The Windows shaper initially outlined a compatibility workaround that included downloading a PowerShell book written to reside nan rumor and moving a bid wrong a PowerShell prompt. A connection would show nan personification whether nan bid worked; if not, location was a process for removing nan workaround.

A 2nd workaround called for utilizing a registry introduction to disable nan enhanced information operation, pinch Microsoft cautioning that nan move "should only beryllium done if you cognize for definite that each XPS documents your strategy processes are trustable, for illustration they are generated by your system, alternatively than uploaded to your system, and they cannot beryllium changed by anyone."

Enterprises were warned not to move disconnected nan information functionality if they took XPS documents from specified untrusted sources arsenic nan net aliases emails from outer entities.

• Attackers maltreatment Microsoft's 'verified publisher' position to bargain data
• Microsoft upgrades Defender to fastener down Linux cogwheel for its ain good
• Microsoft Office 365 Cloud has a concealed lining
• Gootloader malware updated pinch PowerShell, sneaky JavaScript

The PowerShell book successful nan first workaround addresses compatibility issues, truthful it won't disable nan December information updates. However, pinch nan registry workaround, nan strategy is susceptible to threats because it disables nan WPF information of nan information fixes, which is nan logic down nan informing astir untrusted sources.

Micrsoft;'s difficult pressed users tin proceed to usage Windows' built-in XPS spectator exertion to safely position untrusted XPS documents.

And they tin get nan out-of-band update package done nan Microsoft Update Catalog aliases manually import nan fixes into Windows Server Update Services (WSUS) and Microsoft Endpoint Configuration Manager. The updates won't instal automatically connected nan systems.

The updates released this week reside nan rumor for immoderate versions of .NET Framework and Microsoft said it is hoping to reconstruct compatibility and hole nan underlying information rumor for nan different affected versions successful a later update.

The institution besides recommended that Windows administrators usage nan latest fixes and region immoderate of nan earlier workaround. ®