For a while now our vulnerability scanner has been detecting out of date .NET components on one of our servers and a management workstation; this is related to some software we recently deployed on it. However, none of my attempts to fix the issue make this go away, including the link the finding itself that allegedly leads to the solution.
Finding claims this:
Path : C:\Program Files\dotnet\shared\Microsoft.NETCore.App\3.1.22\
Installed version : 3.1.22
Fixed version : 3.1.30
Apparently this is quite some months behind even our installation date, which is vexing. The link to the solution given is this:
https://dotnet.microsoft.com/en-us/download/dotnet/3.1
I last attempted a fix when Version 3.1.29 was still the most recent, and none of the obvious patches work. Even trying to install every x64 version on that page gets me nowhere (indeed one of the x64 installers actually introduces a vulnerability in the x86 filepath). I have pushed a KB associated with this in our WSUS - KB5019349 - but even that just gets stuck with " Error 0x80244019".
I suspect there's more to this update than I am understanding. How on earth am I expected to keep this file updated, where do I get the real update, and how is it supposed to deploy?
