STIGQter: STIG Summary: Microsoft DotNet Framework 4.0 Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 22 Jan 2021: STIGQter: STIG Summary: Microsoft DotNet Framework 4.0 Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 22 Jan 2021:SV-225229r615940_rule
V-225229
SRG-APP-000516
APPNET0061
CAT II
10
Remove unsupported versions of the .NET Framework and upgrade legacy applications that utilize unsupported versions of the .NET framework.
Determine which versions of the .NET Framework are installed by opening the directory %systemroot%\Microsoft.NET.
The folder named "%systemroot%\Microsoft.NET\Framework" contains .NET files for 32 bit systems. The folder named "%systemroot%\Microsoft.NET\Framework64" contains .NET files for 64 bit systems. 64 bit systems will have both the 32 bit and the 64 bit folders while 32 bit systems do not have a Framework64 folder.
Within each of the aforementioned folders are the individual folder names that contain the corresponding versions of the .NET Framework:
v4.0.30319
v3.5
v3.0
v2.0.50727
v1.1.4322
v1.0.3705
Search for all the Mscorlib.dll files in the %systemroot%\Microsoft.NET\Framework folder and the %systemroot%\Microsoft.NET\Framework64 folder if the folder exists. Click on each of the files, view properties, and click version tab to determine the version installed. If there is no Mscorlib.dll, there is no installed version of .Net Framework in that directory.
More specific information on determining versions of .Net Framework installed can be found at the following link. http://support.microsoft.com/kb/318785
Verify extended support is available for the installed versions of .Net Framework.
Verify the .Net Framework support dates with Microsoft Product Lifecycle Search link.
http://support.microsoft.com/lifecycle/search/?sort=PN&alpha=.NET+Framework
Beginning with .NET 3.5 SP1, the .NET Framework is considered a Component of the Windows OS. Components follow the Support Lifecycle policy of their parent product or platform.
If any versions of the .Net Framework are installed and support is no longer available, this is a finding.
V-225229
False
APPNET0061
Determine which versions of the .NET Framework are installed by opening the directory %systemroot%\Microsoft.NET.
The folder named "%systemroot%\Microsoft.NET\Framework" contains .NET files for 32 bit systems. The folder named "%systemroot%\Microsoft.NET\Framework64" contains .NET files for 64 bit systems. 64 bit systems will have both the 32 bit and the 64 bit folders while 32 bit systems do not have a Framework64 folder.
Within each of the aforementioned folders are the individual folder names that contain the corresponding versions of the .NET Framework:
v4.0.30319
v3.5
v3.0
v2.0.50727
v1.1.4322
v1.0.3705
Search for all the Mscorlib.dll files in the %systemroot%\Microsoft.NET\Framework folder and the %systemroot%\Microsoft.NET\Framework64 folder if the folder exists. Click on each of the files, view properties, and click version tab to determine the version installed. If there is no Mscorlib.dll, there is no installed version of .Net Framework in that directory.
More specific information on determining versions of .Net Framework installed can be found at the following link. http://support.microsoft.com/kb/318785
Verify extended support is available for the installed versions of .Net Framework.
Verify the .Net Framework support dates with Microsoft Product Lifecycle Search link.
http://support.microsoft.com/lifecycle/search/?sort=PN&alpha=.NET+Framework
Beginning with .NET 3.5 SP1, the .NET Framework is considered a Component of the Windows OS. Components follow the Support Lifecycle policy of their parent product or platform.
If any versions of the .Net Framework are installed and support is no longer available, this is a finding.
M
4213