none
.Net framework 4.0, 4.5 or 4.5.2 update to the latest version within windows servers RRS feed

  • Question

  • Hello All,

    I am working with vulnerability of Microsoft .NET framework  unsupported version on multiple server (Cluster, Files, Hyper-V Servers).

    When I checked on the servers I found .NET framework version 4.0, 4.5 & 4.5.2 is installed as feature from roles and Feature instead as software.

    so vulnerability says that we need to upgrade exiting version to the latest/supportive version, so how it possible.

    please suggest complete steps and ways to upgrade. 

    Thursday, October 1, 2020 3:28 PM

All replies

  • You should first review the applications installed on the servers and verify that they can function with an updated version of the framework. They may or may not have dependencies on the currently installed version. 

    Normally, we would install .Net updates, and really all security updates, on our test servers first. We would then allow at least a month of "burn in" to see if any application team reported problems before we applied the updates to our production servers. If you are updating the .Net version, you should be working with your application teams to come up with a rollout plan to update test servers, verify application functionality, update production servers.

    How do you patch your servers? WSUS? Do your WSUS admins approve the .Net security patches (cumulative updates)? Even though a given server may have an old version of the framework, if it has all .Net updates applied, and the OS is also supported and has it's security updates applied, is that really a vulnerability?   

    https://dotnet.microsoft.com/download/dotnet-framework

    https://docs.microsoft.com/en-us/lifecycle/faq/dotnet-framework

    Friday, October 2, 2020 3:26 PM