Forum Thread: PSI gives incorrect advise on how to secure .NET 1.1.

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Programs

Relating to this vendor:
Microsoft
And, this specific program:
Microsoft .NET Framework 1.x

This thread has been marked as locked.
Keith2468 PSI gives incorrect advise on how to secure .NET 1.1.
Member 18th Jul, 2010 08:13
Ranking: 0
Posts: 1
User Since: 29th May, 2010
System Score: N/A
Location: N/A
Last edited on 18th Jul, 2010 08:16

PSI gives incorrect advise on how to secure .NET 1.1. PSI should be updated to advise installing the .NET 1.1 fix in KB928366.

Problem:

PSI complains that .NET 1.1 is insecure on Windows 7 64-bit.

The solution PSI suggests (after verifying the folder .NET 1.1 is located in) is to run Microsoft Update.

But Microsoft Update finds nothing to fix.

A PSI rescan shows that the vulnerability still exists.

Reinstalling .NET SP1 doesn't fix the problem either.

Solution:

PSI should be updated to advise installing the .NET 1.1 fix in KB928366.

Install the KB928366 update for .NET 1.1 here:

.NET Framework 1.1 Service Pack 1 SYSTEM.WEB.DLL and MSCOREE.DLL Security Update for Windows 2000, Windows XP, Windows 2003 Server x64/IA64 and Windows 2003 Server R2 x64/IA64

http://www.microsoft.com/downloads/details.aspx?Fa...

Filename: NDP1.1sp1-KB928366-X86.exe

Tell PSI to rescan. PSI should no longer report .NET 1.1 is vulnerable.

This user no longer exists RE: PSI gives incorrect advise on how to secure .NET 1.1.
Member 20th Jul, 2010 09:05
Hi,

After testing this issue, I have concluded that it is specific to Windows 7 - Vista, XP and other systems are successfully patched by using Windows/Microsoft Update.

Our update instructions have been upgraded to reflect this. Thank you for making us aware of the problem.

hope this helps.
Was this reply relevant?
+0
-0

This thread has been marked as locked.