Microsoft has released Out of Band (OOB) updates for certain versions of .NET Framework and .NET to address XPS display issues triggered by the December 2022 Cumulative Security Updates.

Users will experience null reference exceptions and incorrectly displaying images or glyphs when viewing XPS documents rendered using affected Windows Presentation Foundation (WPF)-based applications.

“This update resolves a known issue that could prevent XPS documents that use structural or semantic elements such as table structure, storyboards, or hyperlinks from displaying correctly in WPF-based viewers,” Microsoft added today.

Emergency updates released today are not delivered through Windows Update and will not automatically install on affected devices.

You can download standalone .NET Framework update packages from the Microsoft Update Catalog (a list of all available updates and download links is available at this accompanying document).

Windows administrators can also manually import these updates into Windows Server Update Services (WSUS) and Microsoft Endpoint Configuration Manager.

“You must restart the computer after you apply this update if any affected files are in use. We recommend that you quit all .NET Framework-based applications before applying this update,” Microsoft said.

“For .NET Framework versions that are not addressed, Microsoft is actively investigating an additional update that restores compatibility while addressing the underlying security issue.”

Workaround also available for affected users

Microsoft is also providing interim fixes for users or administrators who cannot immediately install today’s emergency updates to address this known issue.

One of the workarounds requires you to run a PowerShell script to resolve the compatibility issue with last month’s security updates for .NET Framework and .NET:

1. Download the powershell-script

2. Open PowerShell Prompt as Administrator

3. In the prompt, navigate to the directory where the script was downloaded

4. Run the command in the prompt: .\kb5022083-compat.ps1 -Install (you can use -Uninstall to remove the workaround)

Redmond shared a another workaround which can be used if the PowerShell script fails, which requires disabling enhanced security behavior for XPS documents.

However, “do not disable the feature if you accept XPS documents from the Internet, email from external entities, or other untrusted sources,” Microsoft warned.

“This disables enhanced machine-wide functionality and should only be used when you can fully trust all XPS entries in your systems.”