Results 1 to 10 of 10

Thread: .NET insecure

  1. #1
    Star Lounger
    Join Date
    Jan 2001
    Location
    Chatham, Ontario, Canada
    Posts
    86
    Thanks
    5
    Thanked 1 Time in 1 Post

    .NET insecure

    When I first ran Secunia PSI after reinstalling Win 7 (Dell recovery disk) it reported that .NET 2, 2(64), and 3 were all insecure. I planned to uninstall and reinstall .NET but found that the uninstall only removed the current version. When I tried to delete manually it refused with the 'Trusted Installer' message.
    I found a couple of suggestions for removing them that didn't work. Can I just boot up Linux and zap the offending files, clean the registry, and reinstall .NET?

  2. #2
    WS Lounge VIP
    Join Date
    Dec 2009
    Location
    Earth
    Posts
    8,179
    Thanks
    47
    Thanked 983 Times in 913 Posts
    I wouldn't try a boot CD and delete, it's bound to break things. You should be able to perform a repair when you run the installer. That will re-copy and reset everything.
    .NET will be listed as insecure if you haven't applied the MS patches.

    cheers, Paul

  3. #3
    Administrator
    Join Date
    Jun 2010
    Location
    Portugal
    Posts
    12,519
    Thanks
    152
    Thanked 1,398 Times in 1,221 Posts
    As Paul implies, the fix for such situations is to run Windows Update and let install the .net patches. If you removed the current version, you may as well try and install it again and then apply the patches. I am sure PSI itself will point to Windows Update as the solution to the security issues with .net.

  4. #4
    Star Lounger
    Join Date
    Jan 2001
    Location
    Chatham, Ontario, Canada
    Posts
    86
    Thanks
    5
    Thanked 1 Time in 1 Post
    Sorry I ought to have mentioned that it was completely updated after the reinstall. Unfortunately there a number of failed updates, most of which revolve around .NET.
    Since I've already removed the current version shouldn't any applications fail already?

  5. #5
    Administrator
    Join Date
    Jun 2010
    Location
    Portugal
    Posts
    12,519
    Thanks
    152
    Thanked 1,398 Times in 1,221 Posts
    Not all applications will require a specific .net version, so it really depends on what you have installed.

  6. #6
    Star Lounger
    Join Date
    Jan 2001
    Location
    Chatham, Ontario, Canada
    Posts
    86
    Thanks
    5
    Thanked 1 Time in 1 Post
    I'm not aware of any applications which depend on any version of .NET. Certainly nothing that I have knowingly installed. This of course is likely just a measure of my ignorance.

  7. #7
    Administrator
    Join Date
    Jun 2010
    Location
    Portugal
    Posts
    12,519
    Thanks
    152
    Thanked 1,398 Times in 1,221 Posts
    Usually applications that need .Net will install the proper version or let you know about it, when you install them. Relevant .net versions were also included with Vista and Windows 7.
    Last edited by ruirib; 2011-07-16 at 14:51.

  8. #8
    Star Lounger
    Join Date
    Jan 2001
    Location
    Chatham, Ontario, Canada
    Posts
    86
    Thanks
    5
    Thanked 1 Time in 1 Post
    Well I installed the latest and greatest, ran the updates, and now I have 4 versions of .NET that are insecure.
    I think the LucidPuppy will be taking over tonight.

  9. #9
    Administrator
    Join Date
    Jun 2010
    Location
    Portugal
    Posts
    12,519
    Thanks
    152
    Thanked 1,398 Times in 1,221 Posts
    Set a restore point, image if you prefer, and then apply the security patches. An alternative would be to look for the patch watch list maintained by Susan Bradley, that lists which .net patches are safe, installation wise and install only those.

  10. #10
    Star Lounger
    Join Date
    Jan 2001
    Location
    Chatham, Ontario, Canada
    Posts
    86
    Thanks
    5
    Thanked 1 Time in 1 Post
    I hadn't thought about Ms. Bradley's list so I went ahead and installed any patch that Microsoft suggested. .NET 4 was still shown as insecure.
    I uninstalled it and guess what. Secunia shows that it left the insecure bits.
    Secunia also showed the patch KB2478661-x64 as missing. Update had not listed that one and when I installed it BINGO. No more insecure .NET of any flavour.
    Now of course I have no idea what I have installed as I 'removed' 3.5 and 4. I think I'll just leave well enough alone unless something actually complains about a missing piece.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •