Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: Net Framework 3.0 Insecure v. 3.5.1

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
All Threads

This thread has been marked as locked.
BKHoward Net Framework 3.0 Insecure v. 3.5.1
Member 15th Oct, 2010 02:12
Ranking: 0
Posts: 4
User Since: 4th Dec, 2008
System Score: N/A
Location: US
Secunia is flagging Microsoft .NET Framework 3.x as INSECURE showing my version as 3.04506.4926. HOWEVER, I also have .NET Framework 3.5.1 which was just updated by Windows Update and is NOT flagged in Secunia. Windows Update does NOT flag .NET 3.0 as requiring an update.

I'm assuming .NET 3.5 replaced 3.0 and that's why Windows Update is not showing an available update. Is this true and if so, should I tell PSI to "Ignore" the NET 3.0 programs since I have the current patches in 3.5.1?

GOD, I hate dealing with .NET!

OS is Win 7 Pro 64-bit

Many thanks for any insights.



BK

thedillpickl RE: Net Framework 3.0 Insecure v. 3.5.1
Contributor 15th Oct, 2010 05:02
Score: 376
Posts: 872
User Since: 3rd May 2009
System Score: 100%
Location: US
Hi BK;

Welcome to the Secunia forum.

Be cautious 'assuming' anything with MS. 3.5 is not the same as 3.0 .

First, I know this sounds dumb, have you rebooted? Shut the computer completely off and restart. Now open PSI (I assume :) you're using PSI and not OSI) and do a full manual scan.

If no success, you will need to sort out the .net that is being flagged.

Details can be found by searching MS TechNet: http://social.technet.microsoft.com/Search/en-US?q...

Be aware of differences between 32 & 64 bit and various Service Packs.

I have had to uninstall a .net before (using Add/Remove in XP) and completely reinstall.


Regards;

Fred

--
XP Home
Chrome, Firefox, IE8
--
consilio et animis
Was this reply relevant?
+1
-0
BKHoward RE: Net Framework 3.0 Insecure v. 3.5.1
Member 15th Oct, 2010 19:30
Score: 0
Posts: 4
User Since: 4th Dec 2008
System Score: N/A
Location: US
Hi Fred,

on 15th Oct, 2010 05:02, thedillpickl wrote:


First, I know this sounds dumb, have you rebooted?


Yes. I went through a couple of "soft" boots during the "Million Patch" update that Microsoft put out this week. Followed that by a hard boot this morning. What I had not done was a manual scan by PSI. It had done a scheduled scan just a few days ago and I assumed it would rescan the offending NET locations following the hard boot. After doing a manual scan this morning, however, all is well. The NET 3.0 insecurity is now gone and all is back to GREEN, just the way I like it.

Thanks for the response.


BKHoward
Was this reply relevant?
+0
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability