Tuesday 10 July 2007

Another reason not to overload the .NET Framework name

This month’s security bulletin becomes a lot more confusing. It was pretty confusing already, but the extra detail of .NET Framework 3.0 is/is not vulnerable just adds an extra layer.

(Suggestion: update and let your customers know. Since .NET Framework patches are cumulative I expect Barry’s validators are also included.)

1 comment:

Anonymous said...

Service packs are cumulative but QFEs usually aren't. Less than an SP is a rollup that supersedes some number of QFEs.