I have installed .net 3.5 on a windows 2003 system. I notice that in addition to the latest .net 3.5 level, previous levels of .net such as 1.0 and 2.0 are automatically installed also. These older versions have security issues that I assume are corrected in .net 3.5. Is this correct or do the relevant security patches for these older .net versions have to be installed also to harden the system ? Thank you
+5
A:
The .Net 3.5 SP1 contains all rolled up security patches as of the date it was packaged for .Net 2.0, 3.0, and 3.5.
.Net 3.5, like 3.0, is a superset of .Net 2.0. Meaning it is basically and add-on for .Net 2.0.
Tom Anderson
2009-01-05 14:37:22
There are however not security patches for all .net releases, so if he wants to deploy a 1.0 app, he will have some issues with security, see my link.
Filip Ekberg
2009-01-05 14:39:33
Which is why I stated that the 3.5 covers 2,3, and 3.5 only.
Tom Anderson
2009-01-05 14:40:59
Ah, yes of course ! :)
Filip Ekberg
2009-01-05 14:43:28
A:
Unless the patches break your application, you should always install the latest security patches for all softwre installed on your system. This should be part of a regular and, preferably, automated process. Since .NET 3.5 is completely separate from .NET 1.x, you will need to address the .NET 1.x security patches as well as .NET 3.5 SP1 (and any later patches that may come along).
tvanfosson
2009-01-05 15:04:16