|BKHoward||Net Framework 3.0 Insecure v. 3.5.1|
|15th Oct, 2010 02:12|
User Since: 4th Dec, 2008
System Score: N/A
Secunia is flagging Microsoft .NET Framework 3.x as INSECURE showing my version as 3.04506.4926. HOWEVER, I also have .NET Framework 3.5.1 which was just updated by Windows Update and is NOT flagged in Secunia. Windows Update does NOT flag .NET 3.0 as requiring an update.
I'm assuming .NET 3.5 replaced 3.0 and that's why Windows Update is not showing an available update. Is this true and if so, should I tell PSI to "Ignore" the NET 3.0 programs since I have the current patches in 3.5.1?
GOD, I hate dealing with .NET!
OS is Win 7 Pro 64-bit
Many thanks for any insights.
|thedillpickl||RE: Net Framework 3.0 Insecure v. 3.5.1|
|15th Oct, 2010 05:02|
User Since: 3rd May 2009
System Score: 100%
Welcome to the Secunia forum.
Be cautious 'assuming' anything with MS. 3.5 is not the same as 3.0 .
First, I know this sounds dumb, have you rebooted? Shut the computer completely off and restart. Now open PSI (I assume :) you're using PSI and not OSI) and do a full manual scan.
If no success, you will need to sort out the .net that is being flagged.
Details can be found by searching MS TechNet: http://social.technet.microsoft.com/Search/en-US?q...
Be aware of differences between 32 & 64 bit and various Service Packs.
I have had to uninstall a .net before (using Add/Remove in XP) and completely reinstall.
Chrome, Firefox, IE8
consilio et animis
|BKHoward||RE: Net Framework 3.0 Insecure v. 3.5.1|
|15th Oct, 2010 19:30|
User Since: 4th Dec 2008
System Score: N/A
on 15th Oct, 2010 05:02, thedillpickl wrote:
First, I know this sounds dumb, have you rebooted?
Yes. I went through a couple of "soft" boots during the "Million Patch" update that Microsoft put out this week. Followed that by a hard boot this morning. What I had not done was a manual scan by PSI. It had done a scheduled scan just a few days ago and I assumed it would rescan the offending NET locations following the hard boot. After doing a manual scan this morning, however, all is well. The NET 3.0 insecurity is now gone and all is back to GREEN, just the way I like it.
Thanks for the response.
Not a customer already?
Learn more about how our market leading Vulnerability Management solutions can help you manage risk and ensure compliance.