.NET Framework Security
We all know the managed code mantra of the .NET Framework -- more robust, more
functional, more secure.
Or is it? Yesterday Microsoft announced
a critical security flaw in versions 1.0, 1.1 and 2.0 of the .NET Framework.
In fact, the framework suffers from a trifecta of vulnerabilities that can allow
remote attackers to gain control over the system.
And yes, in case you were wondering, a buffer overflow issue is involved.
The good news is that .NET Framework 3.0 is not affected by the vulnerability.
But if you currently have machines running older versions of .NET, you should
move to get them patched. You can find information about this vulnerability
here.
Are you surprised that Microsoft has to patch the .NET Framework? Does a vulnerability
like this provide incentive to move to the most recent version of the framework?
Let me know at [email protected].
Posted by Michael Desmond on 07/11/2007