Desmond File

Blog archive

.NET Framework Security

We all know the managed code mantra of the .NET Framework -- more robust, more functional, more secure.

Or is it? Yesterday Microsoft announced a critical security flaw in versions 1.0, 1.1 and 2.0 of the .NET Framework. In fact, the framework suffers from a trifecta of vulnerabilities that can allow remote attackers to gain control over the system.

And yes, in case you were wondering, a buffer overflow issue is involved.

The good news is that .NET Framework 3.0 is not affected by the vulnerability. But if you currently have machines running older versions of .NET, you should move to get them patched. You can find information about this vulnerability here.

Are you surprised that Microsoft has to patch the .NET Framework? Does a vulnerability like this provide incentive to move to the most recent version of the framework? Let me know at mdesmond@reddevnews.com.

Posted by Michael Desmond on 07/11/2007 at 1:15 PM


comments powered by Disqus
Most   Popular
Upcoming Events

.NET Insight

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.