Sign up to save your podcasts
Or
Share A CVE for every Season
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
A CVE for every Season
Last Week in .NET - 3/13/2021
๐There's a new proposal for a "static abstract" keyword. My brain is foggy on the use-cases here; but let's go with it.
๐จ Do you use System.Text.Encodings.Web? There's a vulnerability that has been patched. The vulnerability is captured in CVE-2021-26701
This vulnerability has been patched with the release of .NET 5.0.4, and .NET Core 3.1.13.
For .NET 5.0.4, .NET 3.1.13, and .NET 2.1.26 this is a patch release that contains the CVE Fix. The usual provisos apply and patch your systems.
๐ .NET 6.0.0 Preview 2 has been released. .NET 6.0.02 Preview 2 has been released. This release includes faster blazor compilation, CSS Isolation for ASP.NET MVC views and Razor pages, more blazor improvements, and some MAUI thrown in for good measure.
๐ท๐จโโ๏ธ .NET 6 introduced the Priority Queue and an enterprising Khalid Abuakumah shows how it works with a nice Avengers example Black Widow and Dr. Strange are far too down on his list, but other than that it's a pretty good ranking.
๐ฅ There's a Windbg video series out, and as someone who has had to suffer through the blog posts and documentation, I'm glad they've taken to video. You won't need Windbg until you do, and by then you'll wish you had already watched these videos.
๐ต๏ธโโ๏ธ There's a nasty CVE out that details vulnerabilities in Microsoft's DNS server. You know, that server that generally serves AD environments? There's a paper out about the CVEs.
๐ฆ Do you remember the Exchange CVE from last week? (If you haven't patched your Exchange server, please, do so. Now.), well some security researchers published a Proof of Concept on Github (PoC) and that PoC was taken down by Microsoft. Without any word from Microsoft, I can only take this as bad behavior on their part. Exposing this research only helps the pen-testers and security research community improve their craft; and the bad guys already had this information anyway. Taking it down from Github just reminds us that Microsoft owns Github; which may not be such a good. Plan accordingly.
๐ง๐ Visual Studio now lets you remove unused references which brings it up to par with ReSharper from... 2012.
๐ฎโโ๏ธ Microsoft has a security scanner that can tell you if there are backdoors installed on your server I don't know if it can find rootkits, but there is a little comfort in this tool.
๐ต๏ธโโ๏ธ CISA has released new info on webshells created by the Exchange exploit. Keep a look out if you're an SRE.
Jobs
๐ฐ Microsoft has an opening for a Senior Program Manager in... Data Storage for its Azure team.
View all episodes
By George Stocker
5
22 ratings
Last Week in .NET - 3/13/2021
๐There's a new proposal for a "static abstract" keyword. My brain is foggy on the use-cases here; but let's go with it.
๐จ Do you use System.Text.Encodings.Web? There's a vulnerability that has been patched. The vulnerability is captured in CVE-2021-26701
This vulnerability has been patched with the release of .NET 5.0.4, and .NET Core 3.1.13.
For .NET 5.0.4, .NET 3.1.13, and .NET 2.1.26 this is a patch release that contains the CVE Fix. The usual provisos apply and patch your systems.
๐ .NET 6.0.0 Preview 2 has been released. .NET 6.0.02 Preview 2 has been released. This release includes faster blazor compilation, CSS Isolation for ASP.NET MVC views and Razor pages, more blazor improvements, and some MAUI thrown in for good measure.
๐ท๐จโโ๏ธ .NET 6 introduced the Priority Queue and an enterprising Khalid Abuakumah shows how it works with a nice Avengers example Black Widow and Dr. Strange are far too down on his list, but other than that it's a pretty good ranking.
๐ฅ There's a Windbg video series out, and as someone who has had to suffer through the blog posts and documentation, I'm glad they've taken to video. You won't need Windbg until you do, and by then you'll wish you had already watched these videos.
๐ต๏ธโโ๏ธ There's a nasty CVE out that details vulnerabilities in Microsoft's DNS server. You know, that server that generally serves AD environments? There's a paper out about the CVEs.
๐ฆ Do you remember the Exchange CVE from last week? (If you haven't patched your Exchange server, please, do so. Now.), well some security researchers published a Proof of Concept on Github (PoC) and that PoC was taken down by Microsoft. Without any word from Microsoft, I can only take this as bad behavior on their part. Exposing this research only helps the pen-testers and security research community improve their craft; and the bad guys already had this information anyway. Taking it down from Github just reminds us that Microsoft owns Github; which may not be such a good. Plan accordingly.
๐ง๐ Visual Studio now lets you remove unused references which brings it up to par with ReSharper from... 2012.
๐ฎโโ๏ธ Microsoft has a security scanner that can tell you if there are backdoors installed on your server I don't know if it can find rootkits, but there is a little comfort in this tool.
๐ต๏ธโโ๏ธ CISA has released new info on webshells created by the Exchange exploit. Keep a look out if you're an SRE.
Jobs
๐ฐ Microsoft has an opening for a Senior Program Manager in... Data Storage for its Azure team.