Microsoft has released out-of-band (OOB) updates for some .NET Framework and .NET versions to address XPS display issues triggered by December 2022 cumulative security updates.
Users will experience null reference exceptions and images or glyphs displaying incorrectly when viewing XPS documents rendered using affected Windows Presentation Foundation (WPF) based apps.
“This update addresses a known issue which might cause XPS documents which utilize structural or semantic elements like table structure, storyboards, or hyperlinks to not display correctly in WPF-based readers,” Microsoft added today.
The emergency updates released today are not delivered via Windows Update and will not install automatically on affected devices.
You can download the standalone .NET Framework update packages from the Microsoft Update Catalog (a list of all available updates and download links is available in this support document).
Windows admins can also manually import these updates into Windows Server Update Services (WSUS) and Microsoft Endpoint Configuration Manager.
“You must restart the computer after you apply this update if any affected files are being used. We recommend that you exit all .NET Framework-based applications before you apply this update,” Microsoft said.
“For versions of .NET Framework which are not addressed Microsoft is actively investigating an additional update which restores compatibility while also resolving the underlying security issue.”
Workaround also available for affected users
Microsoft also provides temporary fixes for users or admins who cannot immediately install today’s emergency updates to address this known issue.
One of the workarounds requires you to run a PowerShell script to address the compatibility issue with last month’s security updates for .NET Framework and .NET:
Download the PowerShell script
Open a PowerShell prompt as an administrator
Within the prompt, navigate to the directory where the script was downloaded
Run the command within the prompt: .\kb5022083-compat.ps1 -Install (you can use -Uninstall to remove the workaround)
Redmond has shared an alternate workaround that can be used if the PowerShell script fails, which requires disabling the enhanced security behavior for XPS documents.
However, “do not turn off the functionality if you accept XPS documents from the internet, emails from external entities or other untrustable sources,” Microsoft warned.
“This disables the enhanced functionality machine wide and should only be used when you can fully trust all XPS input into your systems.”