"It's a false positive," her junior dev, Marcus, insisted. "The scanners see that header and think we're ancient. We’re actually on 4.8."
If you are running original .NET 4.0 (v4.0.30319 with a low build number) on an unsupported OS, you are accumulating unknown risk. Exploits for undisclosed 0-days in the CLR's JIT compiler or garbage collector exist; they are just not public.
HKLM\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Client
Leaving this version exposed on a production network is a security incident waiting to happen.
| CVE | Impact | Exploitability on 4.0 RTM |
|------|--------|----------------------------|
| CVE-2017-8759 | RCE | High |
| CVE-2017-8585 | EoP | High |
| CVE-2015-2545 | RCE | High |
| CVE-2017-11770 | RCE | High |
| CVE-2018-8260 | RCE | Medium-High |
| CVE-2019-0545 | RCE | High |
| CVE-2017-0283 | RCE | Medium |