Skip to main content Skip to footer

Recent .NET patches are not to be ignored

Developers utilizing the .NET framework for languages would do well to update their work as quickly as possible. Of course, the standard reasons to upgrade to newer patches always hold true - new patches fix security holes, create a more stable environment and allow for more flexible operations between languages through .NET. But some patches are more important than others because of the magnitude of security breaches that they fix.

According to InfoQ, Microsoft has announced that security and non-security updates to .NET versions 3.5 SP 1 to 4.5.1 will be discontinued. No security updates, no non-security updates, no support at all for those versions of the software. This seems to be a part of Microsoft's current strategy to rid itself of legacy support for old versions of .NET and Internet Explorer in order to test and release security patches for newer products more quickly.

Developers who are not ready to move on to 4.5.2 can opt to roll back to .NET 3.5 SP 1, because that version of the software is tied to Windows 2008 Server R2 and Windows 7, which both have life spans that are supposed to continue to 2020. So, organizations that are focused on pinching their pennies or are focused on working with Windows 7 can - and will likely - choose that option.

Security fixes
Anyone who has not yet moved on to 4.5.2 should definitely move on to it though, in order to receive recent security patches. For example, a resent patch, MS14-053, tprotects against an exploit that can be used in ASP.NET that is also installed on a Windows system, according to Visual Studio Magazine. This effects most versions between 1.1 SP1 to 4.5.2, and is not likely to be the only security patch since this announcement provides primarily just important security fixes. Companies that want to be sure that the software they are developing is reliable and safe against attacks need to move to a supported version in order to get further fixes. Another issue affects all versions of the .NET framework except for 3.0 SP2 and 4.5.2, the versions that are currently being actively supported by Microsoft.

Staying on top of the different security patches available for the .NET interface critical for developers moving forward, specifically for those designing for enterprise users. Organizations will, as time goes on, only be looking for programs that run the newer version of the .NET controls, especially if Microsoft successfully makes a break from its legacy systems and focuses on a tighter turn around of patches in the years to come.

MESCIUS inc.

comments powered by Disqus