J
Joon.Choi
I need to apply the latest security updates for .NET 4.8 to all of our servers (Windows Server 2012) to ensure all known security vulnerabilities are removed.
If give you a high level view on the current status of our servers, .NET 4.5 was initially installed (actually came with Windows server 2012) and used by our ASP.NET MVC application and windows services. Also for some reason, .NET 2/3.5 was also installed, which is not really clear if it is currently being used by any apps in our servers. Our previous support staff haven't been diligent in installing all the security updates before upgrading .NET framework 4.5 to .NET 4.8.
After looking through Microsoft's KB articles, I came to a conclusion that I only need to apply the following latest monthly Security and Quality rollup for .NET 4.8 for Windows Server 2012 without needing to install a similar rollup for .NET 4.5 - Security and Quality Rollup for .NET Framework 4.8 for Windows Server 2012 (KB4534133)
My rationale was that .NET 4.5 framework has been completely replaced when .NET 4.8 was installed to the servers. Hence, security updates for .NET 4.5 are no longer applicable.
However, when I downloaded the Feb 2020 rollup the other day, it contained 5 different msu files for one windows OS update, updates for .NET 3.5, .NET 4.5.2, 4.6, and .NET 4.8. While testing each update in my test server, I first installed the windows update which was recommended to install before any .NET updates. Then I installed the update for .NET 3.5 and it went well. Then for curiosity, I thought I would try to update the update for .NET 4.5, expecting that I would get an message saying that the update is not applicable for this server or something similar. However, to my surprise, it was successfully installed. I was also able to apply the update for .NET 4.8 as per my expectation.
Is is necessary to apply the update for .NET 4.5 before installing the update for .NET 4.8 in my case? Even if both updates got installed successfully, my concern is that the update for .NET 4.5 might have overwritten some of the .NET 4.8 files. Shouldn't the update for .NET 4.5 be checking if the .NET 4.5 has already been upgraded to .NET 4.8 to avoid unwanted overwrites on .NET 4.8?
Am I missing something here? Will I be fine if I just install the rollup for .NET 4.8?
Thanks,
Continue reading...
If give you a high level view on the current status of our servers, .NET 4.5 was initially installed (actually came with Windows server 2012) and used by our ASP.NET MVC application and windows services. Also for some reason, .NET 2/3.5 was also installed, which is not really clear if it is currently being used by any apps in our servers. Our previous support staff haven't been diligent in installing all the security updates before upgrading .NET framework 4.5 to .NET 4.8.
After looking through Microsoft's KB articles, I came to a conclusion that I only need to apply the following latest monthly Security and Quality rollup for .NET 4.8 for Windows Server 2012 without needing to install a similar rollup for .NET 4.5 - Security and Quality Rollup for .NET Framework 4.8 for Windows Server 2012 (KB4534133)
My rationale was that .NET 4.5 framework has been completely replaced when .NET 4.8 was installed to the servers. Hence, security updates for .NET 4.5 are no longer applicable.
However, when I downloaded the Feb 2020 rollup the other day, it contained 5 different msu files for one windows OS update, updates for .NET 3.5, .NET 4.5.2, 4.6, and .NET 4.8. While testing each update in my test server, I first installed the windows update which was recommended to install before any .NET updates. Then I installed the update for .NET 3.5 and it went well. Then for curiosity, I thought I would try to update the update for .NET 4.5, expecting that I would get an message saying that the update is not applicable for this server or something similar. However, to my surprise, it was successfully installed. I was also able to apply the update for .NET 4.8 as per my expectation.
Is is necessary to apply the update for .NET 4.5 before installing the update for .NET 4.8 in my case? Even if both updates got installed successfully, my concern is that the update for .NET 4.5 might have overwritten some of the .NET 4.8 files. Shouldn't the update for .NET 4.5 be checking if the .NET 4.5 has already been upgraded to .NET 4.8 to avoid unwanted overwrites on .NET 4.8?
Am I missing something here? Will I be fine if I just install the rollup for .NET 4.8?
Thanks,
Continue reading...