Security News > 2023 > February > Microsoft sweeps up after breaking .NET with December security updates
Microsoft this week rolled out fixes to issues caused by security updates released in December 2022 that botched how XPS documents are displayed in various versions of.
Some users who installed the security updates for those developer platforms saw problems with how Windows Presentation Foundation applications rendered XPS documents.
"Additionally, some inline images may not display correctly, or Null reference exceptions might happen when XPS documents are loaded into WPF-based readers."
A second workaround called for using a registry entry to disable the enhanced security operation, with Microsoft cautioning that the move "Should only be done if you know for certain that all XPS documents your system processes are trustable, for example they are generated by your system, rather than uploaded to your system, and they cannot be changed by anyone."
Micrsoft;'s hard pressed users can continue to use Windows' built-in XPS viewer application to safely view untrusted XPS documents.
They can get the out-of-band update package through the Microsoft Update Catalog or manually import the fixes into Windows Server Update Services and Microsoft Endpoint Configuration Manager.
News URL
https://go.theregister.com/feed/www.theregister.com/2023/02/01/microsoft_fix_dotnet_xps/
Related news
- Microsoft Copilot for Security prepares for April liftoff (source)
- Microsoft’s Security Copilot Enters General Availability (source)
- Microsoft confirms memory leak in March Windows Server security update (source)
- Microsoft slammed for lax security that led to China's cyber-raid on Exchange Online (source)
- Microsoft slammed for lax security that led to China's cyber-raid on Exchange Online (source)
- Microsoft fixes Outlook security alerts bug caused by December updates (source)
- Microsoft April 2024 Patch Tuesday fixes 150 security flaws, 67 RCEs (source)
- Microsoft squashes SmartScreen security bypass bug exploited in the wild (source)
- Microsoft and Security Incentives (source)
- Microsoft releases Exchange hotfixes for security update issues (source)