Vulnerabilities of 4.8

S Abijith 466 Reputation points
2024-01-02T12:05:47.2633333+00:00

Hi All,

We have a windows application built on .Net Framework 4.8. Recently, we found that the below mentioned vulnerabilities are present in .Net Framework 4.8:

CVE-2023-36796
CVE-2023-36794
CVE-2023-36793
CVE-2023-36792
CVE-2023-36788
CVE-2023-36899
CVE-2023-24936
CVE-2023-29331
CVE-2023-29326
CVE-2023-32030
CVE-2023-24897
CVE-2023-24895

We are currently planning to upgrade to .Net Framework 4.8.1. Will this upgrade fix all the vulnerabilities found in 4.8??

Please let us know on this!!

Any help is appreciated.

Thank you in advance!!

C#
C#
An object-oriented and type-safe programming language that has its roots in the C family of languages and includes support for component-oriented programming.
11,288 questions
0 comments No comments
{count} votes

Accepted answer
  1. Jiale Xue - MSFT 48,871 Reputation points Microsoft Vendor
    2024-01-02T14:57:58.54+00:00

    Hi @S Abijith , Welcome to Microsoft Q&A,

    This problem is the same as the previously mentioned upgrade from 4.7.2 to 4.8.

    If you want to avoid any security vulnerabilities, it is recommended that you use an older version that is more stable.

    Using newer versions generally doesn't have the security issues of older versions.

    The security vulnerability you mentioned above has been fixed in the December 2023 patch.

    You need to consider user costs and development costs, and upgrade to the new version according to your own needs.

    Best Regards,

    Jiale


    If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment". 

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


0 additional answers

Sort by: Most helpful

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.