I *think* in my case, I’m covered since I have .NET 3.5, and I’ve installed the patch for that.
However, it just occurred to me that someone with a Server 2008 box using the built-in .NET 3.0 has no way to patch this vulnerability, other than installing 3.5. From: Christopher Bodnar [mailto:[email protected]] Sent: Wednesday, September 29, 2010 5:28 PM To: NT System Admin Issues Subject: Re: MS10-070 & .NET 3.0 Its' my understanding that 3.0 installs 2.0, so that makes sense that 2.0 patch installed. Chris Bodnar, MCSE Systems Engineer Distributed Systems Service Delivery - Intel Services Guardian Life Insurance Company of America Email: [email protected] Phone: 610-807-6459 Fax: 610-807-6003 From: Ken Cornetet <[email protected]> To: "NT System Admin Issues" <[email protected]> Date: 09/29/2010 04:04 PM Subject: MS10-070 & .NET 3.0 ________________________________ I’m confused… I’ve been looking over bulletin MS10-070 for a bit and trying to determine how to patch my Server 2008 SP2 x64 servers. When I look at “features” in server manager, I see .NET 3.0 installed as a feature. When I look at “Programs and Features”, I see .NET 3.5 SP1. Looking at MS10-070 it specifically says that all versions of .NET are vulnerable except 1.0 SP3. However, when you read the “Affected and Non-Affected Software” .NET 3.0 is never listed as affected or not affected. I downloaded all of the patches that were listed (1.1 SP1, 2.0 SP2, 3.5, 3.5 SP1, and 4.0) and applied them. As expected, the 1.1 SP1 patch failed to apply because that version of .NET is not installed. The 2.0 version DID apply even though .NET 2.0 is not shown as being installed. The 3.5 version failed to apply (as expected). The 3.5 SP1 version applied as expected. Why did 2.0 install? And, more importantly, where do I get the patch for .NET 3.0? ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ----------------------------------------- This message, and any attachments to it, may contain information that is privileged, confidential, and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient, you are notified that any use, dissemination, distribution, copying, or communication of this message is strictly prohibited. If you have received this message in error, please notify the sender immediately by return e-mail and delete the message and any attachments. Thank you. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
