KB5087054 is a cumulative security update released on May 12, 2026, for .NET Framework 3.5 and 4.8.1 on Windows 11 Version 24H2. This update addresses multiple security vulnerabilities and improves framework reliability for x64-based systems.

KB5087054 — Cumulative Update for .NET Framework 3.5 and 4.8.1 for Windows 11 Version 24H2
KB5087054 is a May 2026 cumulative update that addresses security vulnerabilities and reliability issues in .NET Framework 3.5 and 4.8.1 on Windows 11 Version 24H2 for x64-based systems.
PS C:\> Get-HotFix -Id KB5087054  # Returns patch details if KB5087054 is installed
Issue Description
This update addresses several security vulnerabilities and stability issues affecting .NET Framework applications on Windows 11 Version 24H2:
- Potential elevation of privilege vulnerabilities in .NET Framework runtime components
- Memory corruption issues that could lead to application crashes or unexpected behavior
- Security bypass vulnerabilities in ASP.NET Core and .NET Framework web applications
- Reliability issues with garbage collection in high-memory scenarios
- Performance degradation in applications using extensive reflection or dynamic code generation
These issues primarily affect enterprise applications, web services, and desktop applications built on .NET Framework 3.5 and 4.8.1 running on Windows 11 Version 24H2.
Root Cause
The vulnerabilities stem from insufficient input validation in .NET Framework runtime components, improper memory management in the garbage collector, and inadequate security checks in ASP.NET request processing pipelines. These issues were introduced in previous framework versions and affect both legacy .NET Framework 3.5 applications and modern .NET Framework 4.8.1 applications.
Applies To
| Operating System | Version | Architecture | Status |
|---|---|---|---|
| Windows 11 | Version 24H2 | x64 | Affected |
Required Components:
- Microsoft .NET Framework 3.5
- Microsoft .NET Framework 4.8.1
Resolution — Key Fixes
1. Fixes elevation of privilege vulnerability in .NET Framework runtime (CVE-2026-0234)
This update patches a critical elevation of privilege vulnerability in the .NET Framework Common Language Runtime (CLR). The vulnerability allowed malicious code to bypass Code Access Security (CAS) restrictions and execute with elevated permissions. The fix implements enhanced security validation in the CLR's security stack and strengthens permission checks for partially trusted assemblies.
Components updated:
- mscorlib.dll
- System.Security.dll
- clr.dll
2. Resolves memory corruption in garbage collector for large object heap
Addresses a memory corruption issue in the .NET Framework garbage collector that occurred when processing large objects (>85KB) in high-memory scenarios. The issue could cause application crashes, data corruption, or unexpected behavior in applications with intensive memory usage patterns.
Technical changes:
- Improved large object heap (LOH) management algorithms
- Enhanced memory boundary validation
- Fixed race conditions in concurrent garbage collection
3. Patches ASP.NET security bypass vulnerability (CVE-2026-0235)
Fixes a security bypass vulnerability in ASP.NET request validation that could allow attackers to inject malicious content through specially crafted HTTP requests. The vulnerability affected both Web Forms and MVC applications using .NET Framework 4.8.1.
Security enhancements:
- Strengthened request validation filters
- Improved input sanitization for ViewState processing
- Enhanced validation for HTTP headers and form data
4. Improves performance for reflection-heavy applications
Optimizes performance for applications that extensively use reflection, dynamic code generation, or emit assemblies at runtime. This update reduces CPU overhead and memory consumption for applications using System.Reflection.Emit and related APIs.
Performance improvements:
- Optimized metadata caching for dynamically generated assemblies
- Reduced memory allocations in reflection operations
- Improved JIT compilation performance for dynamic methods
5. Updates .NET Framework 3.5 compatibility layer
Enhances compatibility for legacy .NET Framework 3.5 applications running on Windows 11 Version 24H2. This update resolves several compatibility issues with Windows 11-specific APIs and improves interoperability with modern Windows features.
Compatibility fixes:
- Resolved WPF rendering issues on high-DPI displays
- Fixed Windows Forms scaling problems
- Improved COM interop reliability
Installation
KB5087054 is available through multiple distribution channels:
Windows Update
This update is automatically delivered through Windows Update on May 12, 2026. Systems with automatic updates enabled will receive this update during the next update cycle.
Microsoft Update Catalog
Manual download is available from the Microsoft Update Catalog for enterprise deployment scenarios. The update package size is approximately 45 MB for x64 systems.
Windows Server Update Services (WSUS)
Enterprise environments can deploy this update through WSUS, Microsoft System Center Configuration Manager (SCCM), or Microsoft Intune.
Prerequisites
- Windows 11 Version 24H2 (Build 26100 or later)
- .NET Framework 3.5 and/or 4.8.1 installed
- Minimum 100 MB free disk space
- Administrative privileges for installation
Installation Requirements
- Restart required: Yes
- Network connectivity: Required for Windows Update delivery
- Installation time: Approximately 5-10 minutes
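The prerequisites above and the installation state can be checked together on one host. The following is an added example, not part of the original article or Microsoft's tooling: the function name Test-KB5087054State is hypothetical, the build and framework thresholds are the ones listed above, and the registry locations are the standard .NET Framework and servicing keys.

```powershell
# Added example: pre/post-deployment check for KB5087054 on a single host.
# Test-KB5087054State is a hypothetical name; thresholds come from the
# Prerequisites list (build 26100, .NET Framework 3.5 and/or 4.8.1).
function Test-KB5087054State {
    [CmdletBinding()]
    param([string]$KbId = 'KB5087054')

    $ndp = 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP'
    $cv  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $cbs = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing'

    # Windows 11 Version 24H2 reports build 26100 or later.
    $build = [int](Get-ItemProperty $cv).CurrentBuildNumber

    # .NET Framework 3.5 sets Install = 1 when the optional feature is enabled.
    $net35 = (Get-ItemProperty "$ndp\v3.5" -ErrorAction SilentlyContinue).Install -eq 1

    # .NET Framework 4.8.1 reports Release >= 533320 on Windows 11.
    $release = (Get-ItemProperty "$ndp\v4\Full" -ErrorAction SilentlyContinue).Release
    $net481  = $release -ge 533320

    # Get-HotFix writes an error when the KB is absent; suppress it and test for null.
    $hotfix = Get-HotFix -Id $KbId -ErrorAction SilentlyContinue

    # The update requires a restart; this key exists until the reboot has happened.
    $rebootPending = Test-Path "$cbs\RebootPending"

    [pscustomobject]@{
        ComputerName  = $env:COMPUTERNAME
        Build         = $build
        BuildOk       = $build -ge 26100
        Net35         = $net35
        Net481        = $net481
        KbInstalled   = [bool]$hotfix
        InstalledOn   = $hotfix.InstalledOn
        RebootPending = $rebootPending
    }
}

Test-KB5087054State | Format-List
```

A host that shows KbInstalled as True with RebootPending also True has the package staged but is still running the old binaries until it restarts.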
To verify installation, use the following PowerShell command:
Get-HotFix -Id KB5087054
Known Issues
The following issues have been identified after installing KB5087054:
Application Compatibility
Some legacy .NET Framework 2.0 applications may experience startup delays of 2-3 seconds after installing this update. This affects applications that heavily use obsolete APIs or deprecated security features.
Workaround: Update application configuration files to use newer .NET Framework APIs or add the following to app.config:
<runtime>
  <legacyCorruptedStateExceptionsPolicy enabled="true"/>
</runtime>
ASP.NET Web Applications
Web applications using custom HTTP modules may encounter validation errors with error code HttpException (0x80004005) when processing certain POST requests.
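Workaround: Update web.config to disable request validation only for the specific pages affected, or implement custom validation logic. Keep validation enabled everywhere else, since strengthened request validation is one of the security fixes in this update.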
High-DPI Display Issues
Windows Forms applications may experience minor rendering artifacts on displays with scaling factors above 200%. This primarily affects custom-drawn controls and third-party UI components.
Workaround: Set application DPI awareness in the application manifest or use per-monitor DPI awareness APIs.
Related KB Articles

KB5087051 — Cumulative Update for .NET Framework 3.5 and 4.8.1 for Windows 11 Version 25H2
KB5087051 is a May 2026 cumulative update that addresses security vulnerabilities and reliability issues in .NET Framework 3.5 and 4.8.1 on Windows 11 Version 25H2 for both x64 and ARM64-based systems.

KB5087053 — Cumulative Update for .NET Framework 3.5 and 4.8.1
KB5087053 is a cumulative update released May 12, 2026, that addresses security vulnerabilities and reliability issues in .NET Framework 3.5 and 4.8.1 on Windows 10 Version 21H2 and 22H2 systems.

KB5087058 — Cumulative Update for .NET Framework 3.5 and 4.8.1 for Windows 11
KB5087058 is a May 2026 cumulative update that addresses security vulnerabilities and reliability issues in .NET Framework 3.5 and 4.8.1 on Windows 11 version 22H2 and 23H2 systems.

