IRONSMITHINTEL
MEDIUM | CVSS 7.5 | CVE-2023-21538 | Auth: none (network-accessible endpoint sufficient) | Reboot: recommended | Est. 20 minutes plus reboot | Manual only

KB5022143: .NET Framework 3.5 / 4.8 Security Update for Windows Server (January 2023)

.NET Framework has a denial-of-service vulnerability when parsing certain XML input patterns. Apply KB5022143 as part of January Patch Tuesday; .NET is a dependency for countless server applications and this update is low-risk to apply.

Published Jan 10, 2023 · Updated May 10, 2026
Why patch: risk explained in plain English

Worst-case scenario if unpatched

Attackers can crash .NET-based applications and services, causing denial of service. This affects IIS-hosted applications, Windows Communication Foundation (WCF) services, and any custom .NET application that processes XML from the network.

How the attack works

.NET Framework fails to properly handle malformed XML documents, allowing an attacker who can send XML input to a .NET application to cause a denial of service. Any server-side .NET application that accepts XML from untrusted sources is potentially affected.

Am I affected? Quick check

Probably yes if any of these apply:

All Windows Server administrators
.NET application teams
IIS Administrators
Anyone running .NET Framework 3.5 and 4.8 on Windows Server without the January 2023 update

Affected OS versions

Windows Server 2012 R2
Windows Server 2016
Windows Server 2019
Windows Server 2022

Fixed in: KB5022143 (.NET Framework January 2023)

Real-world incidents: what we've seen

An attacker discovers a customer-facing WCF endpoint that processes XML invoices. By sending a deliberately malformed XML document, they repeatedly crash the payment processing service, causing business disruption. The fix requires only applying the monthly .NET framework security update.

How to patch

Manual download

For air-gapped servers or out-of-band deployment. Microsoft Update Catalog returns every OS-version variant of this update.

Microsoft Update Catalog: KB5022143

Manual remediation steps

20 minutes plus reboot

Check .NET Framework Version

Get-ChildItem "HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP" -Recurse |
Get-ItemProperty -Name Version, Release -ErrorAction SilentlyContinue |
Where-Object { $_.PSChildName -match "^(?!S)\p{L}" } |
Select-Object PSChildName, Version, Release

Check if KB5022143 is Installed

Get-HotFix -Id KB5022143
# An error ("Cannot find the requested hotfix") means it is not installed

Apply via Windows Update

# Install PSWindowsUpdate module if not present
Install-Module PSWindowsUpdate -Force -SkipPublisherCheck

# List available updates including .NET updates
Get-WindowsUpdate -MicrosoftUpdate

# Install KB5022143
Install-WindowsUpdate -KBArticleID KB5022143 -AcceptAll

Or Apply Manually

1. Download KB5022143 from https://catalog.update.microsoft.com
2. Run the MSU installer
3. Reboot when prompted

Verify

Get-HotFix -Id KB5022143
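
The check and verify steps above can be combined into one local status check. This is an added example, not a script from the original page; the function name Get-KbPatchStatus and its output property names are assumptions. It also reports whether a restart is still pending, since the page recommends a reboot after installing.

```powershell
# Added example: local verification of KB5022143 state.
# Get-KbPatchStatus and its property names are illustrative (hypothetical).
function Get-KbPatchStatus {
    [CmdletBinding()]
    param(
        [string]$KbId = 'KB5022143'   # KB number taken from the page
    )

    # Get-HotFix raises an error when the KB is absent, so suppress it and
    # treat "nothing returned" as "not installed".
    $hotfix = Get-HotFix -Id $KbId -ErrorAction SilentlyContinue

    # .NET Framework 4.x records its version and build under this key.
    $ndpKey = 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full'
    $ndp = Get-ItemProperty -Path $ndpKey -ErrorAction SilentlyContinue

    # If either key exists, Windows is waiting for a restart, so an installed
    # update may not be active yet.
    $rebootKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired'
    )
    $rebootPending = [bool]($rebootKeys | Where-Object { Test-Path $_ })

    [pscustomobject]@{
        ComputerName   = $env:COMPUTERNAME
        KbId           = $KbId
        Installed      = [bool]$hotfix
        InstalledOn    = if ($hotfix) { $hotfix.InstalledOn } else { $null }
        DotNet4Version = if ($ndp) { $ndp.Version } else { $null }
        DotNet4Release = if ($ndp) { $ndp.Release } else { $null }
        RebootPending  = $rebootPending
    }
}

$status = Get-KbPatchStatus
$status | Format-List

if (-not $status.Installed) {
    Write-Warning "$($status.KbId) not found on $($status.ComputerName)"
} elseif ($status.RebootPending) {
    Write-Warning "$($status.KbId) is installed but a reboot is pending"
}
```
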
PowerShell automation: coming soon

No tested PowerShell script for this entry yet. We’re prioritising automation based on user demand.

CVEs in this update: 1 fix · Patch-to-CVE mapping

Patch ID | CVE ID | Vulnerability Name / Type | CVSS | Reference
KB5022143 | CVE-2023-21538 | .NET Framework 3.5 / 4.8: XML processing | 7.5 | NVD