Release Date:
June 22, 2022[07/04/2023] revised to include missing versions for Windows 10, version 1607 and 1507
[07/24/2023] revised to add release details for July 11, 2023 Security and Quality Rollup resolution
Summary
This article provides help to mitigate an issue when after installing the June 13, 2023, updates for .NET Framework and .NET, users may experience issues with how .NET Framework runtime imports X.509 Certificates.
Symptom
When using the X509Certificate, X509Certificate2, or X509Certificate2Collection class to import a PKCS#12 blob containing a private key, the calling application may observe the below exception.
-
System.Security.Cryptography.CryptographicException: PKCS12 (PFX) without a supplied password has exceeded maximum allowed iterations. See https://go.microsoft.com/fwlink/?linkid=2233907 for more information.
This failure affects PKCS#12 blobs which have been exported [e.g., via X509Certificate.Export(X509ContentType.Pfx)] without a password. The failure may occur non-deterministically.
Workaround
Microsoft has released updated installers for .NET Framework and .NET to address this issue. These installers can be applied to the affected machine regardless of whether the machine has already applied the original June 13, 2023, .NET Framework and .NET security updates.
:
-
If you previously used the registry switches documented at KB5025823 Change in how .NET applications import X.509 certificates to work around this issue, please remove those registry switches before installing the new patch. Run the two commands below from an elevated command prompt to remove the registry switches.
-
reg delete "HKLM\Software\Microsoft\.NETFramework" /v Pkcs12UnspecifiedPasswordIterationLimit /reg:32
-
reg delete "HKLM\Software\Microsoft\.NETFramework" /v Pkcs12UnspecifiedPasswordIterationLimit /reg:64
Resolution
This issue was addressed in out-of-band updates released June 22, 2023, for .NET Framework 4.6.2 and newer versions for Windows and Windows Server versions affected by this issue. To get the standalone package for these out-of-band updates, search for the KB number in the Microsoft Update Catalog. You can manually import these updates into Windows Server Update Services (WSUS) and Microsoft Endpoint Configuration Manager. For WSUS instructions, see WSUS and the Catalog Site. For Configuration Manger instructions, see Import updates from the Microsoft Update Catalog.
If you used any workaround or mitigations for this issue, they are no longer needed, and we recommend you remove them. To remove workaround review the workaround or alternative workaround which was applied for instructions.
Product Version |
Update |
|
---|---|---|
Windows 11, version 22H2 |
||
.NET Framework 4.8.1 |
||
Windows 11, version 21H2 |
||
.NET Framework 4.8 |
||
.NET Framework 4.8.1 |
||
Windows Server 2022 |
||
.NET Framework 4.8 |
||
.NET Framework 4.8.1 |
||
Azure Stack HCI, version 22H2 |
||
.NET Framework 4.8 |
||
Azure Stack HCI, version 21H2 |
||
.NET Framework 4.8 |
||
Windows 10 Version 22H2 |
||
.NET Framework 4.8 |
||
.NET Framework 4.8.1 |
||
Windows 10 Version 21H2 |
||
.NET Framework 4.8 |
||
.NET Framework 4.8.1 |
||
Windows 10 1809 (October 2018 Update) and Windows Server 2019 |
||
.NET Framework 4.7.2 |
||
.NET Framework 4.8 |
||
Windows 10 1607 (Anniversary Update) and Windows Server 2016 |
||
.NET Framework 4.6.2, 4.7, 4.7.1, 4.7.2 |
||
.NET Framework 4.8 |
||
Windows 10 1507 |
||
.NET Framework 4.6, 4.6.2 |
||
Windows Embedded 8.1 and Windows Server 2012 R2 |
||
.NET Framework 4.6.2, 4.7, 4.7.1, 4.7.2 |
||
.NET Framework 4.8 |
||
Windows Embedded 8 and Windows Server 2012 |
||
.NET Framework 4.6.2, 4.7, 4.7.1, 4.7.2 |
||
.NET Framework 4.8 |
||
Windows Embedded 7 Standard and Windows Server 2008 R2 SP1 |
||
.NET Framework 4.6.2, 4.7, 4.7.1, 4.7.2 |
||
.NET Framework 4.8 |
||
all supported Windows versions |
||
.NET 6.0.19 |
||
.NET 7.0.8 |
This issue was addressed in regular cumulative rollup released July 11, 2023, for all supported .NET Framework versions for Windows and Windows Server versions affected by this issue. The Security and Quality Rollup is available via Windows Update, Windows Server Update Services, and Microsoft Update Catalog.
Note: Customers that rely on Windows Update and Windows Server Update Services will automatically receive the .NET Framework version-specific updates. Advanced system administrators can also take use of the below direct Microsoft Update Catalog download links to .NET Framework-specific updates. Before applying these updates, please ensure that you carefully review the .NET Framework version applicability, to ensure that you only install updates on systems where they apply.
If you used any workaround or mitigations for this issue, they are no longer needed, and we recommend you remove them. To remove workaround review the workaround or alternative workaround which was applied for instructions.
Product Version |
Update |
|
---|---|---|
Windows 11, version 22H2 |
||
.NET Framework 3.5, 4.8.1 |
||
Windows 11, version 21H2 |
||
.NET Framework 3.5, 4.8 |
||
.NET Framework 3.5, 4.8.1 |
||
Windows Server 2022 |
||
.NET Framework 3.5, 4.8 |
||
.NET Framework 3.5, 4.8.1 |
||
Azure Stack HCI, version 22H2 |
||
.NET Framework 3.5, 4.8 |
||
Azure Stack HCI, version 21H2 |
||
.NET Framework 3.5, 4.8 |
||
Windows 10 Version 22H2 |
||
.NET Framework 3.5, 4.8 |
||
.NET Framework 3.5, 4.8.1 |
||
Windows 10 Version 21H2 |
||
.NET Framework 3.5, 4.8 |
||
.NET Framework 3.5, 4.8.1 |
||
Windows 10 1809 (October 2018 Update) and Windows Server 2019 |
||
.NET Framework 3.5, 4.7.2 |
||
.NET Framework 3.5, 4.8 |
||
Windows 10 1607 (Anniversary Update) and Windows Server 2016 |
||
.NET Framework 3.5, 4.6.2, 4.7, 4.7.1, 4.7.2 |
||
.NET Framework 4.8 |
||
Windows 10 1507 |
||
.NET Framework 3.5, 4.6, 4.6.2 |
||
Windows Embedded 8.1 and Windows Server 2012 R2 |
||
.NET Framework 3.5 |
||
.NET Framework 4.6.2, 4.7, 4.7.1, 4.7.2 |
||
.NET Framework 4.8 |
||
Windows Embedded 8 and Windows Server 2012 |
||
.NET Framework 3.5 |
||
.NET Framework 4.6.2, 4.7, 4.7.1, 4.7.2 |
||
.NET Framework 4.8 |
||
Windows Embedded 7 Standard and Windows Server 2008 R2 SP1 |
||
.NET Framework 3.5.1 |
||
.NET Framework 4.6.2, 4.7, 4.7.1, 4.7.2 |
||
.NET Framework 4.8 |
||
Windows Server 2008 SP2 |
||
.NET Framework 2.0, 3.0 |
||
.NET Framework 4.6.2 |
Affected updates
The following .NET Framework and .NET versions are affected:
-
.NET Framework 4.6.2, 4.7, 4.7.1, 4.7.2, when the June 13, 2022, security update is installed.
-
.NET Framework 4.8, when the June 13, 2022, security update is installed.
-
.NET Framework 4.8.1, when the June 13, 2022, security update is installed.
-
.NET 6.0.18.
-
.NET 7.0.7.
Frequently Asked Questions (FAQs)
When was this change introduced?
This change in behavior was introduced in the June 13, 2022, security updates for .NET and .NET Framework.
Is it necessary for me to install this new update?
Installing this new update is necessary only if your application is experiencing the issue described in the "Symptom" heading at the top of this article. If you are not experiencing this issue, there is no need for you to install this update.
Does this new update replace the June 13, 2023, .NET Framework update?
No. If you are using .NET Framework, you should first install the June 13, 2023 rollup or security-only updates before installing the new June 22, 2023 update.
Does this new update replace .NET 6.0.18 or .NET 7.0.7?
Yes. As part of this update, we are also releasing .NET 6.0.19 and .NET 7.0.8, both of which can be downloaded from https://get.dot.net/. These releases are intended to replace .NET 6.0.18 and .NET 7.0.7, which were released on June 13, 2023.
The only difference between .NET 6.0.19 / 7.0.8 and .NET 6.0.18 / 7.0.7 is the compatibility fix mentioned above. .NET 6.0.19 / 7.0.8 do not carry any additional security fixes beyond what was already published in .NET 6.0.18 / 7.0.7.
Information about protection and security
-
Protect yourself online: Windows Security support
-
Learn how we guard against cyber threats: Microsoft Security