Security News > 2023 > February > Microsoft sweeps up after breaking .NET with December security updates
Microsoft this week rolled out fixes to issues caused by security updates released in December 2022 that botched how XPS documents are displayed in various versions of.
Some users who installed the security updates for those developer platforms saw problems with how Windows Presentation Foundation applications rendered XPS documents.
"Additionally, some inline images may not display correctly, or Null reference exceptions might happen when XPS documents are loaded into WPF-based readers."
A second workaround called for using a registry entry to disable the enhanced security operation, with Microsoft cautioning that the move "Should only be done if you know for certain that all XPS documents your system processes are trustable, for example they are generated by your system, rather than uploaded to your system, and they cannot be changed by anyone."
Micrsoft;'s hard pressed users can continue to use Windows' built-in XPS viewer application to safely view untrusted XPS documents.
They can get the out-of-band update package through the Microsoft Update Catalog or manually import the fixes into Windows Server Update Services and Microsoft Endpoint Configuration Manager.
News URL
https://go.theregister.com/feed/www.theregister.com/2023/02/01/microsoft_fix_dotnet_xps/
Related news
- Security? We've heard of it: How Microsoft plans to better defend Windows (source)
- Microsoft Fixes AI, Cloud, and ERP Security Flaws; One Exploited in Active Attacks (source)
- Severe Security Flaws Patched in Microsoft Dynamics 365 and Power Apps Web API (source)
- 3 Actively Exploited Zero-Day Flaws Patched in Microsoft's Latest Security Update (source)