Summary

The May 14, 2024 cumulative update for .NET Framework for Windows 10, Windows Server 2016, Windows Server 2019, and Windows Server 2022 may cause reliability issues with the Laserfiche Web Client and Laserfiche WebLink.

Laserfiche is actively investigating and will update this article with additional information as it becomes available.

Updated October 2, 2024 - Organizations using Laserfiche Web Client v11 should apply Web Client 11 Update 9 which includes the hotfix for this issue. For Web Client v10 and WebLink v10/11, a hotfix for this issue is available and can be requested via Laserfiche Support. Please work with your Solution Provider to open a support case for this purpose.

Symptoms

After applying the May 14, 2024 Cumulative Update for .NET Framework for Windows 10, Windows Server 2016, Windows Server 2019, or Windows Server 2022 on the computer hosting versions 10 or 11 of Laserfiche Web Client or Laserfiche WebLink, the IIS application pool (by default, WebAccessAppPool or WebLinkAppPool) may repeatedly go into a faulting state. The Windows Event Log should contain entries similar to the following example:

Faulting application name: w3wp.exe, version: 10.0.14393.0, time stamp: 0x57899b8a
Faulting module name: ntdll.dll, version: 10.0.14393.6343, time stamp: 0x6502806a
Exception code: 0xc0000374
Fault offset: 0x00000000000f7173
Faulting process id: 0x1cac
Faulting application start time: 0x01dab207337c2536
Faulting application path: c:\windows\system32\inetsrv\w3wp.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: 51e38f83-3df5-4023-9fae-6ae826cbc9b1
Faulting package full name: 
Faulting package-relative application ID:

Users attempting to browse to a Web Client or WebLink page may receive various HTTP 500 errors while the application pool is in a failed state and cannot respond.

Workaround

As a workaround, uninstall the May 2024 Cumulative Update for .NET Framework 4.8 applicable to the operating system. Per Microsoft, "There are no new security improvements in this release. This update is cumulative and contains all previously released security improvements." A reboot is required for the change to take effect.

Validate that the affected servers have the April 2024 .NET Framework Cumulative Update for their operating system installed, which has the latest available security update.

If you have previously disabled "Rapid fail protection" (enabled by default) on the affected IIS application pools as a temporary mitigation, Laserfiche recommends re-enabling it after uninstalling the May 2024 Cumulative Update for .NET Framework 4.8. Leaving it disabled can have negative impacts on system stability in the event of rapid app pool crash sequences, and Microsoft recommends having it enabled.

Additional Information

Relevant Window Update KBs include but may not be limited to:

• May 14, 2024-KB5037926 Cumulative Update for .NET Framework 4.8 for Windows 10, version 1607 and Windows Server 2016
• May 14, 2024-KB5038283 Cumulative Update for .NET Framework 3.5, 4.7.2 and 4.8 for Windows 10, version 1809 and Windows Server 2019
• May 14, 2024-KB5037933 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 10, version 1809 and Windows Server 2019
• May 14, 2024-KB5038282 Cumulative Update for .NET Framework 3.5, 4.8 and 4.8.1 for Windows Server 2022