0

I've been tasked to look into patching security vulnerabilities for Windows server for my project. The project is running VMware AirWatch UEM on-prem environment. When this application was first installed, it came with its own pre-requisites supported, including compatible versions of .NET Core and ASP.NET Core. But since then, this version of .NET Core and ASP.NET Core has been flagged for several security vulnerabilities.

How do I patch NET Core/ASP.NET Core separately for an application that is using this component? Is it the same process as patching .NET Framework, where it is downloaded and run?

The only previous threads I found on this that were closely related, were from here and here, which seems that it is not advisable to update .NET Core/ASP.NET Core separately from the third party application itself.

I've reached out to VMware but they are taking a long time to respond.

janw
  • 8,758
  • 11
  • 40
  • 62
user1862438
  • 1
  • Can you build the system from source? If not, then _have fun..._ – Dai Nov 08 '21 at 04:36
  • "How do I patch the .NET Core/ASP.NET Core separately for an application that is using this component?" - you need to tell us what specific versions of .NET Core you're referring to. The process for patching from an LTS branch like ASP.NET Core 3.1 is very different to a non-LTS branch like ASP.NET Core 2.x.. – Dai Nov 08 '21 at 04:36
  • @Dai I can't build from source. Currently on ASP.NET Core 3.1.6. Looking to patch it up to 3.1.18. – user1862438 Nov 08 '21 at 04:52
  • If you can't build-from-source then you may be SOL. Is there a reason you don't have the source-code? – Dai Nov 08 '21 at 05:12
  • @Dai Thank you for the quick replies. I'm actually only patching/maintaining the security vulnerabilities aspect of the Windows server. The application itself is from VMware. – user1862438 Nov 08 '21 at 05:15
  • I suggest you wait for VMWare to get back to you. – Dai Nov 08 '21 at 05:27

0 Answers0