.NET Framework 4.7.1 EA released

Early Access of popular Microsoft framework is available now with new features nad improvements 
22 August 2017   2953

Microsoft team is happy to announce the new early access version of .NET Framework. New version 4.72. is currently feature-complete and in the testing phase. Note that it is not ready for production and is not supported. This is reported by the Microsoft blog.

What's new?

This pre-release build of .NET Framework 4.7.1 have these features:

  • .NET Framework support for .NET Standard 2.0.
  • Enhancements in the Visual Tree for WPF applications.
  • Accessibility improvements in keyboard navigation, narration, high contrast and focus control areas.
  • Support for the more secure SHA256 hashing algorithm.
  • Performance and reliability improvements.

Please note! The .NET Framework 4.7.1 will replace any existing .NET Framework 4 and later installation on your machine. This means all .NET Framework 4 and later applications on your machine will run on the .NET Framework early access builds upon installation. That’s great for testing, but a potential problem for production workloads (at this stage in the release).

Installation

Small step-by-step guide:

  • Go to the .NET Framework Early Access site
  • Review, accept the pre-release license terms and download the current build.
  • Provide your feedback by reporting an issue at the .NET Framework Early Access GitHub repository.

New release is available at:

  • Windows 10 Creators Update
  • Windows 10 Anniversary Update
  • Windows 8.1
  • Windows 7 SP1

It also installs on the following server platforms:

  • Windows Server 2016
  • Windows Server 2012 R2
  • Windows Server 2012
  • Windows Server 2008 R2 SP1

Get more info about changes at release notes

Ledger to Discover HSM Vulnerability

HSM is an external device designed to store public and private keys used to generate digital signatures and to encrypt data, used by banks, exchanges, etc
10 June 2019   1694

A group of researchers from Ledger identified several vulnerabilities in the Hardware Security Module (HSM) devices, which can be used to extract keys or perform a remote attack to replace the firmware of an HSM device. The problem report is currently available only in French, the English-language report is scheduled to be published in August during the Blackhat USA 2019 conference. HSM is a specialized external device designed to store public and private keys used to generate digital signatures and to encrypt data.

HSM allows you to significantly increase protection, as it completely isolates keys from the system and applications, only by providing an API to perform basic cryptographic primitives implemented on the device side. Typically, HSM is used in areas where you need to provide the highest protection, for example, in banks, cryptocurrency exchanges, certification centers for checking and generating certificates and digital signatures.

The proposed attack methods allow an unauthenticated user to gain complete control over the contents of the HSM, including extracting all the cryptographic keys and administrative credentials stored on the device. The problems are caused by a buffer overflow in the internal PKCS # 11 command handler and an error in the implementation of the cryptographic protection of the firmware, which bypasses the firmware check using the PKCS # 1v1.5 digital signature and initiates loading the own firmware in the HSM.

The name of the manufacturer, the HSM devices of which have vulnerabilities, has not yet been disclosed, but it is argued that the problem devices are used by some large banks and cloud service providers. At the same time it is reported that information about the problems was previously sent to the manufacturer and it has already eliminated vulnerabilities in the fresh firmware update. Independent researchers suggest that the problem may be in the devices of the company Gemalto, which in May released an update to Sentinel LDK with the elimination of vulnerabilities, access to information about which is still closed.