navigation bar left navigation bar right

Secunia CSI7
navigation left tab Advisories navigation right tab
navigation left tab Research navigation right tab
navigation left tab Forums navigation right tab
navigation left tab Create Profile navigation right tab
navigation left tab Our Commitment navigation right tab
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: PSI says .NET 3.x insecure - Microsoft says no

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Programs

Relating to this vendor:
Microsoft
And, this specific program:
Microsoft .NET Framework 3.x

This thread has been marked as locked.
alexanm PSI says .NET 3.x insecure - Microsoft says no
Member 31st Dec, 2009 02:11
Ranking: 1
Posts: 3
User Since: 23rd Oct, 2009
System Score: N/A
Location: N/A
Running Vista x64 with SP2 installed. .NET Framework 3.5 SP1 installed.

Prior to the install of SP2 PSI did not detect any issues with .NET Framework 3.5. Now having installed SP2 PSI is now stating that "Microsoft .NET Framework 3.x" is a Category 4 threat and should be patched.

The Secunia site does not list a patch for .NET 3.x on Vista x64. Reading the MS advisory MS09-061 (http://www.microsoft.com/technet/security/bulletin...) the specific combination of .NET 3.5 SP1 on Vista x64 SP2 is listed under "Non-affected Software".

Is this a false-positive by PSI? Can someone from Secunia offer advice on how I can resolve this?

TIA.

mogs RE: PSI says .NET 3.x insecure - Microsoft says no
Expert Contributor 1st Jan, 2010 00:40
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
http://secunia.com/community/forum/thread/show/323...
Maurice's post may be helpful.

--
Was this reply relevant?
+0
-0
alexanm RE: PSI says .NET 3.x insecure - Microsoft says no
Member 1st Jan, 2010 01:25
Score: 1
Posts: 3
User Since: 23rd Oct 2009
System Score: N/A
Location: N/A
Thanks for the reply MOGS. I had read Maurice's post(s) regarding .NET Framework, but since I already have .NET 3.5 SP1 installed I couldn't see how his posts would help.

In the end I resorted to running the 3.5 SP1 install again, and then running Windows Update, this seems to have cured the problem. Pity, I don't see why I should have to re-install something in order to patch it! :(
Was this reply relevant?
+0
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


Secunia is a member of FIRST Secunia is a member of EDUcause Secunia is a member of The Open Group Secunia is a member of FS-ISAC
 
Secunia © 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability - Disclaimer
follow Secunia on Facebook follow Secunia on Twitter follow Secunia on LinkedIn follow Secunia on YouTube follow Secunia Xing follow Secunias RSS feed follow Secunia on Google+