On 05/23/2026 12:49 AM, T wrote:

Hi All,

I have to do VulnDetet updates of vulnerable programs once
a week on several customers as part of PCI testing.

One customer has to get "Microsoft .NET Desktop Runtime 8",
the long term supported version, updated every month because
of some security this or that.

Is there something about Microsoft .NET Desktop Runtime 8 I
should know?ÿ Is it really such a security nightmare?

Yours in Confusion,
-T

Was the 'some security this or that' your customer's or your words?


It's basically been on a monthly cumulative update cycle(like Windows)
since RTM(Nov 2023), though no updates have occurred in the month of Dec.

Fyi....There's a 8.0 Runtime and SDK?

<https://dotnet.microsoft.com/en-us/download/dotnet/8.0>
- see above link - after reading, you might ask your customer more
questions on what they need and/or what they are using .NET

Long term supported(LTS) version?
8.0 LTS is 3 years (See above RTM date)
- i.e. do the math, support will end this year(typically like other
MSFT software, in the fall - Oct or Nov. You can Google or Bing for the actual date.



--
...w­¤?ñ?¤

--- PyGate Linux v1.5.14
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

On Sat, 5/23/2026 12:49 AM, T wrote:

Hi All,

I have to do VulnDetet updates of vulnerable programs once
a week on several customers as part of PCI testing.

One customer has to get "Microsoft .NET Desktop Runtime 8",
the long term supported version, updated every month because
of some security this or that.

Is there something about Microsoft .NET Desktop Runtime 8 I
should know?ÿ Is it really such a security nightmare?

Yours in Confusion,
-T

https://en.wikipedia.org/wiki/.NET

"Versioning practice

.NET Core Runtime roughly uses semantic versioning, the major.minor.patch format.
...
Patch versions are given for bug fixes, new platform support,
or other changes not included above.[37]

That means the reason for issue, may not be purely CVE based.

Paul



--- PyGate Linux v1.5.14
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

On Sat, 5/23/2026 3:04 AM, T wrote:

On 5/22/26 11:34 PM, Paul wrote:

On Sat, 5/23/2026 12:49 AM, T wrote:

Hi All,

I have to do VulnDetet updates of vulnerable programs once
a week on several customers as part of PCI testing.

One customer has to get "Microsoft .NET Desktop Runtime 8",
the long term supported version, updated every month because
of some security this or that.

Is there something about Microsoft .NET Desktop Runtime 8 I
should know?ÿ Is it really such a security nightmare?

Yours in Confusion,
-T

https://en.wikipedia.org/wiki/.NET

ÿÿ "Versioning practice

ÿÿÿ .NET Core Runtime roughly uses semantic versioning, the major.minor.patch format.
ÿÿÿ ...
ÿÿÿ Patch versions are given for bug fixes, new platform support,
ÿÿÿ or other changes not included above.[37]

That means the reason for issue, may not be purely CVE based.

ÿÿÿ Paul

https://ibb.co/Pz0rNXPm

Month after month after month after ...

Notable Changes
.NET 8.0.27 release carries security and non-security fixes.

CVE-2026-32177 | .NET Denial of Service Vulnerability

Microsoft is releasing this security advisory to provide information about a
vulnerability in .NET 8.0, .NET 9.0, and .NET 10.0. This advisory also provides
guidance on what developers can do to update their applications to remove this vulnerability.

Heap-based buffer overflow in .NET allows an unauthorized attacker to deny service over a network.

CVE-2026-35433 | .NET Elevation of Privilege Vulnerability

Microsoft is releasing this security advisory to provide information about
a vulnerability in .NET 8.0, .NET 9.0, and .NET 10.0. This advisory also
provides guidance on what developers can do to update their applications to remove this vulnerability.

Improper input validation in .NET allows an unauthorized attacker to elevate privileges locally.

CVE-2026-32175 | .NET Core Tampering Vulnerability

Microsoft is releasing this security advisory to provide information
about a vulnerability in .NET 8.0, .NET 9.0, and .NET 10.0. This advisory
also provides guidance on what developers can do to update their applications
to remove this vulnerability.

A tampering vulnerability exists when .NET Core improperly handles specially
crafted files. An attacker who successfully exploited this vulnerability could
write arbitrary files and directories to certain locations on a vulnerable system.
However, an attacker would have limited control over the destination of the files and directories.

To exploit the vulnerability, an attacker must send a specially crafted file to a vulnerable system.

The security update fixes the vulnerability by ensuring .NET Core properly handles files.

CVE-2026-42899 | ASP.NET Core Denial of Service Vulnerability

Microsoft is releasing this security advisory to provide information
about a vulnerability in .NET 8.0, .NET 9.0, and .NET 10.0. This advisory
also provides guidance on what developers can do to update their
applications to remove this vulnerability.

Loop with unreachable exit condition ('infinite loop') in ASP.NET Core allows
an unauthorized attacker to deny service over a network.

*******

As a rolling release, you have to expect some level of patching
to be going on.

Look at how many patches the Windows kernel has received.
That's a "hot-spot".

Paul

--- PyGate Linux v1.5.14
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

On 05/23/2026 2:34 AM, Paul wrote:

On Sat, 5/23/2026 12:49 AM, T wrote:

Hi All,

I have to do VulnDetet updates of vulnerable programs once
a week on several customers as part of PCI testing.

One customer has to get "Microsoft .NET Desktop Runtime 8",
the long term supported version, updated every month because
of some security this or that.

Is there something about Microsoft .NET Desktop Runtime 8 I
should know?ÿ Is it really such a security nightmare?

Yours in Confusion,
-T

https://en.wikipedia.org/wiki/.NET

"Versioning practice

.NET Core Runtime roughly uses semantic versioning, the major.minor.patch format.
...
Patch versions are given for bug fixes, new platform support,
or other changes not included above.[37]

That means the reason for issue, may not be purely CVE based.

Paul

Not unusual for security updates, but as noted platform and code changes
are included in each and every monthly update(typically/routinely
once/mo. except in Dec.)

Also, basically a legacy product. Support ends this year. Migration to
.NET 10 is necessary to maintain the LTS(Long Term Support) path.

i.e. The customer and computer support personnel should be looking
forward rather than concern for security updates included in .NET 8.0
monthly updates.

--
...w­¤?ñ?¤

--- PyGate Linux v1.5.14
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

On Sat, 23 May 2026 10:22:45 -0400
"....winston" <winstonmvp@gmail.com> wrote:

On 05/23/2026 2:34 AM, Paul wrote:

On Sat, 5/23/2026 12:49 AM, T wrote:

Hi All,

I have to do VulnDetet updates of vulnerable programs once
a week on several customers as part of PCI testing.

One customer has to get "Microsoft .NET Desktop Runtime 8",
the long term supported version, updated every month because
of some security this or that.

Is there something about Microsoft .NET Desktop Runtime 8 I
should know?? Is it really such a security nightmare?

Yours in Confusion,
-T

https://en.wikipedia.org/wiki/.NET

"Versioning practice

.NET Core Runtime roughly uses semantic versioning, the major.minor

.patch format.

...
Patch versions are given for bug fixes, new platform support,
or other changes not included above.[37]

That means the reason for issue, may not be purely CVE based.

Paul

Not unusual for security updates, but as noted platform and code changes

are included in each and every monthly update(typically/routinely
once/mo. except in Dec.)

Also, basically a legacy product. Support ends this year. Migration to
.NET 10 is necessary to maintain the LTS(Long Term Support) path.

i.e. The customer and computer support personnel should be looking
forward rather than concern for security updates included in .NET 8.0 monthly updates.

I spurned DotNet bloat when it first raised it's ugly MS-locked-in head.

--
Bah, and indeed Humbug.

--- PyGate Linux v1.5.14
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

On Sun, 5/24/2026 6:20 PM, T wrote:

On 5/24/26 4:12 AM, Kerr-Mudd, John wrote:

On Sat, 23 May 2026 10:22:45 -0400
"....winston" <winstonmvp@gmail.com> wrote:

On 05/23/2026 2:34 AM, Paul wrote:

On Sat, 5/23/2026 12:49 AM, T wrote:

Hi All,

I have to do VulnDetet updates of vulnerable programs once
a week on several customers as part of PCI testing.

One customer has to get "Microsoft .NET Desktop Runtime 8",
the long term supported version, updated every month because
of some security this or that.

Is there something about Microsoft .NET Desktop Runtime 8 I
should know?ÿ Is it really such a security nightmare?

Yours in Confusion,
-T

https://en.wikipedia.org/wiki/.NET

ÿÿÿ "Versioning practice

ÿÿÿÿ .NET Core Runtime roughly uses semantic versioning, the major.minor.patch format.
ÿÿÿÿ ...
ÿÿÿÿ Patch versions are given for bug fixes, new platform support,
ÿÿÿÿ or other changes not included above.[37]

That means the reason for issue, may not be purely CVE based.

ÿÿÿÿ Paul

Not unusual for security updates, but as noted platform and code changes >>> are included in each and every monthly update(typically/routinely
once/mo. except in Dec.)

Also, basically a legacy product. Support ends this year. Migration to
.NET 10 is necessary to maintain the LTS(Long Term Support) path.

i.e. The customer and computer support personnel should be looking
forward rather than concern for security updates included in .NET 8.0
monthly updates.

I spurned DotNet bloat when it first raised it's ugly MS-locked-in head.

Dot Net gives me the creeps too.

As of last week,
ÿÿÿ https://dotnet.microsoft.com/en-us/download/dotnet
M$ only listed 8 as "Long Term Support".ÿ It now lists
10 as also having long term support.

And I am not up to finding out what programs they are
running require what version of dot net.ÿ If 8 is working
for them, then that is the one to keep, until long term
support is discontinued.ÿ There is no sign of that.

Here is an untested script from CoPilot.

This initially started using the following CoPilot Question.

******************** CoPilot Question *******************

How can I scan C: for dotnet assemblies and get specific version information for the programs using such assemblies ?

For example, an IT person notices that .net core version 8 is installed
on a modern Windows OS, and one thing (Intel DSA, something to do with updating an
Intel graphics driver) seems to have caused .net core version 8 to be installed.
How can that IT person scan the C: drive and determine it is the Intel
product and which precise executable which is doing it ?

******************** END: CoPilot Question *******************

This is the script it eventually created. Note that some of the
Windows Apps are stored in Access Denied areas and Administrator
Elevation is unlikely to get you in there. Perhaps running the
script as TrustedInstaller would cover off the missing bits (not
on your customer machine, that suggestion is purely to see
how or if this script works worth a damn).

******************** Scan-DotNetAssemblies.ps1 ************************

<#
Scan-DotNetAssemblies.ps1
Scans C:\ for .NET assemblies, extracts TargetFramework,
maps assemblies to installed programs, and outputs a CSV
listing all assemblies requiring .NET 8.

Also logs directories where access is denied.


$ErrorActionPreference = "SilentlyContinue"

Write-Host "Scanning installed programs..." -ForegroundColor Cyan

# --- Collect installed program info from registry ---
$installedPrograms = @{}

$uninstallPaths = @(
"HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall",
"HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall"
)

foreach ($path in $uninstallPaths) {
if (Test-Path $path) {
Get-ChildItem $path | ForEach-Object {
$p = Get-ItemProperty $_.PsPath
if ($p.DisplayName -and $p.InstallLocation) {
$installedPrograms[$p.InstallLocation.TrimEnd('\')] = $p.DisplayName
}
}
}
}

Write-Host "Installed program entries loaded: $($installedPrograms.Count)" -ForegroundColor Green

# --- Prepare output collections ---
$results = New-Object System.Collections.Generic.List[Object]
$accessDenied = New-Object System.Collections.Generic.List[String]

Write-Host "Scanning C:\ for .NET assemblies..." -ForegroundColor Cyan

# --- Enumerate files safely, capturing access-denied directories ---
try {
$files = Get-ChildItem -Path "C:\" -Recurse -Include *.dll, *.exe -ErrorAction Stop
}
catch {
# We need a manual walker to capture access-denied paths
function Safe-Enumerate($path) {
try {
Get-ChildItem $path -ErrorAction Stop | ForEach-Object {
if ($_.PSIsContainer) {
Safe-Enumerate $_.FullName
} else {
if ($_.Extension -in ".dll", ".exe") {
$_
}
}
}
}
catch {
$accessDenied.Add($path)
}
}

$files = Safe-Enumerate "C:\"
}

Write-Host "Files found: $($files.Count)" -ForegroundColor Green

# --- Function to extract TargetFramework ---
function Get-TargetFramework($path) {
try {
$asm = [System.Reflection.Assembly]::LoadFile($path)

$tfm = $asm.CustomAttributes |
Where-Object { $_.AttributeType.FullName -eq "System.Runtime.Versioning.TargetFrameworkAttribute" } |
Select-Object -ExpandProperty ConstructorArguments -ErrorAction Ignore |
Select-Object -ExpandProperty Value -ErrorAction Ignore

return $tfm
}
catch {
return $null
}
}

# --- Function to map file to installed program ---
function Map-ToProgram($filePath) {
$dir = Split-Path $filePath -Parent

foreach ($installPath in $installedPrograms.Keys) {
if ($dir -like "$installPath*") {
return $installedPrograms[$installPath]
}
}

return "(No matching installed program)"
}

Write-Host "Analyzing assemblies..." -ForegroundColor Cyan

foreach ($file in $files) {
$tfm = Get-TargetFramework $file.FullName

if ($tfm -and $tfm -match "net8") {
$program = Map-ToProgram $file.FullName

$results.Add([PSCustomObject]@{
FilePath = $file.FullName
TargetFramework = $tfm
Program = $program
})
}
}

# --- Output CSV ---
$outFile = "$env:USERPROFILE\Desktop\DotNet8_Assemblies.csv"
$results | Export-Csv -Path $outFile -NoTypeInformation -Encoding UTF8

# --- Output access-denied log ---
$denyFile = "$env:USERPROFILE\Desktop\AccessDenied_Directories.txt" $accessDenied | Sort-Object -Unique | Out-File $denyFile -Encoding UTF8

Write-Host ""
Write-Host "Scan complete!" -ForegroundColor Green
Write-Host "Results saved to: $outFile"
Write-Host "Access-denied directories saved to: $denyFile"

******************** END: Scan-DotNetAssemblies.ps1 ************************

You can see that's not much of a scan, as it does not look "everywhere",
it looks in curated places. A program must be "installed" to be note-worthy
to the scanner.

If you need ammunition, start with a junk install on a physical machine
(the kind of junk installs I do on my other computers when a VM
install will not suffice), and you may be able to "spot" this one.
It apparently installs a runtime for .NET 9, but it could be doing
it in a private manner. This is just the first thing that came to mind regarding dotnet executables. It may not be the absolute best example.
The page has the usual trashy teaser-dialogs you're not supposed to press :-) And a google-vignette for you to press the reload icon on your browser
and continue on with the download step after that.

https://www.getpaint.net/download.html

I'd do all of this, but I don't have Intel graphics (and Intel drivers) to test the DSA theory.
Lots of people have laptops with an Intel iGPU, which may make them
good candidates for a throwaway install on a scratch drive. I don't
have a good Intel-flavored machine for this sort of test of Intel stuffings
as a possible source of .NET 8.0 involvement.

Paul


--- PyGate Linux v1.5.14
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

On Sun, 5/24/2026 9:14 PM, Paul wrote:

******************** Scan-DotNetAssemblies.ps1 ************************

******************** END: Scan-DotNetAssemblies.ps1 ************************

Well, very funny and mostly worthless.

It claimed to find 7 files for executables.

Then it proceeded to analyze ~41000 items, which would include
some quantity of WinSxS contents.

At some point, it blew an error while trying to load an assembly.

The two output files were mostly... blank.

It did not seem to pick up my copy of paint.net freshly installed.

Paul


--- PyGate Linux v1.5.15
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

On Sun, 5/24/2026 10:55 PM, Paul wrote:

On Sun, 5/24/2026 9:14 PM, Paul wrote:

******************** Scan-DotNetAssemblies.ps1 ************************

******************** END: Scan-DotNetAssemblies.ps1 ************************

Well, very funny and mostly worthless.

It claimed to find 7 files for executables.

Then it proceeded to analyze ~41000 items, which would include
some quantity of WinSxS contents.

At some point, it blew an error while trying to load an assembly.

The two output files were mostly... blank.

It did not seem to pick up my copy of paint.net freshly installed.

Paul

OK, by debugging the script, this is the type of output
it is collecting. The script is able to collect old-style information
about .NET up to maybe 4.8 or so, but not the newer stuff.

C:\Program Files\Paint.NET\System.Diagnostics.FileVersionInfo.dll
.NETFramework,Version=v4.6

This is how I modified the script, to print out some debug info to console.

Write-Host "Analyzing assemblies..." -ForegroundColor Cyan

foreach ($file in $files) {
$tfm = "" <=== clear tfm first
$tfm = Get-TargetFramework $file.FullName
Write-Output $file.FullName <=== print the filename
Write-Output $tfm <=== if there is a .NET assembly, print it


if ($tfm -and $tfm -match "=v8") { <=== The script isn't matching the right quantity...
$program = Map-ToProgram $file.FullName

$results.Add([PSCustomObject]@{
FilePath = $file.FullName
TargetFramework = $tfm
Program = $program
})
}
}

But since it does not mesh with the Core ones at all,
the effort appears useless.

CoPilot admits an extra step is required to go the extra mile.
It will take Powershell 7 to do it

"PowerShell 7 (pwsh) because EventPipe APIs are only available in .NET Core"

I got the PowerShell 7 installed, the executable was hidden in one of
those places Agent Ransack could not find it (it gets installed in an App hole).

But this script, if I watch it with Process Monitor, it's getting nowhere fast. Just the FindNextFile loop (it is recursively walking the tree the way FindNextFile would) doesn't seem to be working as expected. It
does not finish the "Scanning C:\ for executables" section. It almost looks like an infinite loop.

*********************** Detect-DotNet8RuntimeUsage.ps1 ********************

<#
Detect-DotNet8RuntimeUsage.ps1
Scans C:\ for EXEs, launches each in suspended mode,
attaches to .NET Core runtime event stream (EventPipe),
and detects which EXEs load Microsoft.NETCore.App 8.x.

Outputs:
- DotNet8_RuntimeUsage.csv
- AccessDenied_Directories.txt


$ErrorActionPreference = "SilentlyContinue"

Write-Host "Scanning C:\ for executables..." -ForegroundColor Cyan

# --- Collect EXEs safely, capturing access-denied directories --- $accessDenied = New-Object System.Collections.Generic.List[String]

function Safe-Enumerate($path) {
try {
Get-ChildItem $path -ErrorAction Stop | ForEach-Object {
if ($_.PSIsContainer) {
Safe-Enumerate $_.FullName
} else {
if ($_.Extension -eq ".exe") {
$_
}
}
}
}
catch {
$accessDenied.Add($path)
}
}

$files = Safe-Enumerate "C:\"

Write-Host "Executables found: $($files.Count)" -ForegroundColor Green

# --- Prepare output ---
$results = New-Object System.Collections.Generic.List[Object]

# --- Function: Check if EXE loads .NET 8 ---
function Test-DotNet8Runtime($exePath) {
try {
# Start process suspended
$p = Start-Process -FilePath $exePath -PassThru -WindowStyle Hidden

Start-Sleep -Milliseconds 300

# Attach to .NET runtime event stream
$session = [System.Diagnostics.Tracing.EventPipeEventSource]::new($p.Id)

$loaded8 = $false

$session.Dynamic.All += {
param($event)
if ($event.EventName -eq "AssemblyLoad") {
$name = $event.Payload["AssemblyName"]
if ($name -match "Microsoft\.NETCore\.App.*8\.") {
$loaded8 = $true
}
}
}

# Process events briefly
$session.Process() | Out-Null

# Kill process immediately
Stop-Process -Id $p.Id -Force

return $loaded8
}
catch {
return $false
}
}

Write-Host "Analyzing runtime behavior..." -ForegroundColor Cyan

foreach ($file in $files) {
Write-Host "Checking: $($file.FullName)" -ForegroundColor DarkGray

if (Test-DotNet8Runtime $file.FullName) {
$results.Add([PSCustomObject]@{
Executable = $file.FullName
LoadsDotNet8 = $true
})
}
}

# --- Output CSV ---
$outFile = "$env:USERPROFILE\Desktop\DotNet8_RuntimeUsage.csv"
$results | Export-Csv -Path $outFile -NoTypeInformation -Encoding UTF8

# --- Output access-denied log ---
$denyFile = "$env:USERPROFILE\Desktop\AccessDenied_Directories.txt" $accessDenied | Sort-Object -Unique | Out-File $denyFile -Encoding UTF8

Write-Host ""
Write-Host "Scan complete!" -ForegroundColor Green
Write-Host "Results saved to: $outFile"
Write-Host "Access-denied directories saved to: $denyFile"

*********************** END Detect-DotNet8RuntimeUsage.ps1 ********************

I really wish I had a dollar for every bad idea... :-)

Paul

--- PyGate Linux v1.5.15
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

On 05/24/2026 6:20 PM, T wrote:

On 5/24/26 4:12 AM, Kerr-Mudd, John wrote:

On Sat, 23 May 2026 10:22:45 -0400
"....winston" <winstonmvp@gmail.com> wrote:

On 05/23/2026 2:34 AM, Paul wrote:

On Sat, 5/23/2026 12:49 AM, T wrote:

Hi All,

I have to do VulnDetet updates of vulnerable programs once
a week on several customers as part of PCI testing.

One customer has to get "Microsoft .NET Desktop Runtime 8",
the long term supported version, updated every month because
of some security this or that.

Is there something about Microsoft .NET Desktop Runtime 8 I
should know?ÿ Is it really such a security nightmare?

Yours in Confusion,
-T

https://en.wikipedia.org/wiki/.NET

ÿÿÿ "Versioning practice

ÿÿÿÿ .NET Core Runtime roughly uses semantic versioning, the
major.minor.patch format.
ÿÿÿÿ ...
ÿÿÿÿ Patch versions are given for bug fixes, new platform support,
ÿÿÿÿ or other changes not included above.[37]

That means the reason for issue, may not be purely CVE based.

ÿÿÿÿ Paul

Not unusual for security updates, but as noted platform and code changes >>> are included in each and every monthly update(typically/routinely
once/mo. except in Dec.)

Also, basically a legacy product. Support ends this year. Migration to
.NET 10 is necessary to maintain the LTS(Long Term Support) path.

i.e. The customer and computer support personnel should be looking
forward rather than concern for security updates included in .NET 8.0
monthly updates.

I spurned DotNet bloat when it first raised it's ugly MS-locked-in head.

Dot Net gives me the creeps too.

As of last week,
ÿÿÿ https://dotnet.microsoft.com/en-us/download/dotnet
M$ only listed 8 as "Long Term Support".ÿ It now lists
10 as also having long term support.

And I am not up to finding out what programs they are
running require what version of dot net.ÿ If 8 is working
for them, then that is the one to keep, until long term
support is discontinued.ÿ There is no sign of that.

Maybe you missed these notifications and dates.

.NET 8.0 release LTS date was in the fall of 2023 with documented notice
of 3 yrs support(i.e end of support in fall or 2026)
.NET 9.0 release date(interim, no LTS) in fall 2024 with documented
notice 2 yrs of support(i.e. end of support in the fall of 2026)
.Net 10.0 release LTS date in fall of 2025(November) with documented
notice of 3yrs support(i.e. end of support in fall of 2028)

Not now, but 6 months ago, .NET 10 was listed as the next LTS version
on Nov. 11, 2025 with EOL on Nov. 10, 2028



--
...w­¤?ñ?¤

--- PyGate Linux v1.5.15
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

On 05/24/2026 11:58 PM, T wrote:

On 5/24/26 7:55 PM, Paul wrote:

On Sun, 5/24/2026 9:14 PM, Paul wrote:

********************ÿ Scan-DotNetAssemblies.ps1
************************

********************ÿ END: Scan-DotNetAssemblies.ps1
************************

Well, very funny and mostly worthless.

It claimed to find 7 files for executables.

Then it proceeded to analyze ~41000 items, which would include
some quantity of WinSxS contents.

At some point, it blew an error while trying to load an assembly.

The two output files were mostly... blank.

It did not seem to pick up my copy of paint.net freshly installed.

ÿÿÿ Paul

I use VulnDetect on my PCI SAQ-C+ customers.ÿ VulnDetect does
a good job finding dot net's.

Weird, I still find some software packages that want dot
not 3.5.

Not weird, but known for some time(7 months)

.NET 3.5 is a Windows only run-time, .NET 8 is cross-platform(Windows, Linux, MacOS, IOS, Android).
.NET 3.5 remains an available option(app/program and installer), until availability(installer) ends in Jan. 2029)
i.e. a bit less than 3 more years of support.

Microsoft re-confirmed the .NET 3.5 EOL and change to .NET 3.5 no longer
to be available as a 'Windows Feature on Demand' optional component on
Oct 8. 2025.


--
...w­¤?ñ?¤

--- PyGate Linux v1.5.15
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

On Mon, 5/25/2026 1:29 AM, Paul wrote:

On Sun, 5/24/2026 10:55 PM, Paul wrote:

On Sun, 5/24/2026 9:14 PM, Paul wrote:

******************** Scan-DotNetAssemblies.ps1 ************************ >>
******************** END: Scan-DotNetAssemblies.ps1 ************************

Well, very funny and mostly worthless.

It claimed to find 7 files for executables.

Then it proceeded to analyze ~41000 items, which would include
some quantity of WinSxS contents.

At some point, it blew an error while trying to load an assembly.

The two output files were mostly... blank.

It did not seem to pick up my copy of paint.net freshly installed.

Paul

OK, by debugging the script, this is the type of output
it is collecting. The script is able to collect old-style information
about .NET up to maybe 4.8 or so, but not the newer stuff.

C:\Program Files\Paint.NET\System.Diagnostics.FileVersionInfo.dll
.NETFramework,Version=v4.6

This is how I modified the script, to print out some debug info to console.

Write-Host "Analyzing assemblies..." -ForegroundColor Cyan

foreach ($file in $files) {
$tfm = "" <=== clear tfm first
$tfm = Get-TargetFramework $file.FullName
Write-Output $file.FullName <=== print the filename
Write-Output $tfm <=== if there is a .NET assembly, print it

if ($tfm -and $tfm -match "=v8") { <=== The script isn't matching the right quantity...
$program = Map-ToProgram $file.FullName

$results.Add([PSCustomObject]@{
FilePath = $file.FullName
TargetFramework = $tfm
Program = $program
})
}
}

But since it does not mesh with the Core ones at all,
the effort appears useless.

CoPilot admits an extra step is required to go the extra mile.
It will take Powershell 7 to do it

"PowerShell 7 (pwsh) because EventPipe APIs are only available in .NET Core"

I got the PowerShell 7 installed, the executable was hidden in one of
those places Agent Ransack could not find it (it gets installed in an App hole).

But this script, if I watch it with Process Monitor, it's getting nowhere fast.
Just the FindNextFile loop (it is recursively walking the tree the way FindNextFile would) doesn't seem to be working as expected. It
does not finish the "Scanning C:\ for executables" section. It almost looks like an infinite loop.

*********************** Detect-DotNet8RuntimeUsage.ps1 ********************

<#
Detect-DotNet8RuntimeUsage.ps1
Scans C:\ for EXEs, launches each in suspended mode,
attaches to .NET Core runtime event stream (EventPipe),
and detects which EXEs load Microsoft.NETCore.App 8.x.

Outputs:
- DotNet8_RuntimeUsage.csv
- AccessDenied_Directories.txt

$ErrorActionPreference = "SilentlyContinue"

Write-Host "Scanning C:\ for executables..." -ForegroundColor Cyan

# --- Collect EXEs safely, capturing access-denied directories --- $accessDenied = New-Object System.Collections.Generic.List[String]

function Safe-Enumerate($path) {
try {
Get-ChildItem $path -ErrorAction Stop | ForEach-Object {
if ($_.PSIsContainer) {
Safe-Enumerate $_.FullName
} else {
if ($_.Extension -eq ".exe") {
$_
}
}
}
}
catch {
$accessDenied.Add($path)
}
}

$files = Safe-Enumerate "C:\"

Write-Host "Executables found: $($files.Count)" -ForegroundColor Green

# --- Prepare output ---
$results = New-Object System.Collections.Generic.List[Object]

# --- Function: Check if EXE loads .NET 8 ---
function Test-DotNet8Runtime($exePath) {
try {
# Start process suspended
$p = Start-Process -FilePath $exePath -PassThru -WindowStyle Hidden

Start-Sleep -Milliseconds 300

# Attach to .NET runtime event stream
$session = [System.Diagnostics.Tracing.EventPipeEventSource]::new($p.Id)

$loaded8 = $false

$session.Dynamic.All += {
param($event)
if ($event.EventName -eq "AssemblyLoad") {
$name = $event.Payload["AssemblyName"]
if ($name -match "Microsoft\.NETCore\.App.*8\.") {
$loaded8 = $true
}
}
}

# Process events briefly
$session.Process() | Out-Null

# Kill process immediately
Stop-Process -Id $p.Id -Force

return $loaded8
}
catch {
return $false
}
}

Write-Host "Analyzing runtime behavior..." -ForegroundColor Cyan

foreach ($file in $files) {
Write-Host "Checking: $($file.FullName)" -ForegroundColor DarkGray

if (Test-DotNet8Runtime $file.FullName) {
$results.Add([PSCustomObject]@{
Executable = $file.FullName
LoadsDotNet8 = $true
})
}
}

# --- Output CSV ---
$outFile = "$env:USERPROFILE\Desktop\DotNet8_RuntimeUsage.csv"
$results | Export-Csv -Path $outFile -NoTypeInformation -Encoding UTF8

# --- Output access-denied log ---
$denyFile = "$env:USERPROFILE\Desktop\AccessDenied_Directories.txt" $accessDenied | Sort-Object -Unique | Out-File $denyFile -Encoding UTF8

Write-Host ""
Write-Host "Scan complete!" -ForegroundColor Green
Write-Host "Results saved to: $outFile"
Write-Host "Access-denied directories saved to: $denyFile"

*********************** END Detect-DotNet8RuntimeUsage.ps1 ********************

I really wish I had a dollar for every bad idea... :-)

OK, to try to ensure I had a DotNet8 executable, I made my own :-)

Using Visual Studio 2022 (which still accepts the DotNet8 SDK),
I was able to write a CSharp console program. Visual Studio has
Templates for program development -- if I'd made a Windowed version,
it would add the prototype of the "Event Loop" for a windowed application.
But with a console program (just runs in terminal), there is
no "glue code" needed at all. And just my luck, the Template
has the write statement for Hello World as part of the Template.
I don't even have to type that line.

I know you don't need it, but here is the result of testing
just the one directory for dotnet8 content. And I got a declaration
of True, but I haven't figured out why my attempt to debug-print
the Assembly Name, that did not work. My knowledge of Powershell,
is pretty minimal.

[Picture] Detect-One-DotNet8.gif

https://postimg.cc/ykfR6DkQ

https://imgur.com/a/apvF7z7

So now I can write on my resume... well no not really :-)
That doesn't make me a CSharp programmer. I would get stopped
dead during The Interview, where they ask trick questions that
don't involve "Hello World".

Paul



--- PyGate Linux v1.5.15
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

On 2026-05-26 10:06, Paul wrote:

So now I can write on my resume... well no not really ?
That doesn't make me a CSharp programmer. I would get stopped
dead during The Interview, where they ask trick questions that
don't involve "Hello World".

:-)

However, I'm not sure such questions are still asked ... anything
involving programming seems to be so badly done these days. A real
world example:

Yesterday I had a really good day. Against the forecast, it was dry
from the early hours, a good wind was blowing, so by afternoon my
extensive areas of grass were unexpectedly dry enough to mow, and I was
done by 18:00 with what I had expected to have to do today.

Following the rules of the politically incorrectly named Murphy's Law, I shouldn't've expected to be so lucky today, and so it proved. Last
night, assuming that the forecast had at least a chance of being
correct, I put in a whites wash (also politically incorrectly named?
I'll pass on that!) to complete by 09:00. When I began to unload it, I realised that the spin cycle had apparently failed, because everything
was dripping. So I stuffed the washing back in, and set a manual spin
to go, and stayed to watch what happened. The drum turned over a few
times in one direction only, but only clicked when it should have been
turning in the other, and didn't spin.

What's this got to do with programming? This washing machine is full of sensors for temperature (it has to know when to stop heating the water),
and whether the drum is still moving, etc, so it 'knows' the state of
things, so why make me wait a maddening two minutes or so before I can
open the door when the washing is stone cold and the drum has stopped
moving?

Worse still, on this occasion the door wouldn't then open. The usual
fix is to turn the machine off, wait the maddening two minutes, then
turn it on for a few seconds and off again, and listen for the click of
the relay as you do so. This time, nothing, nada, zilch. So then you
have to turn it off again, get down on your knees (I'm in my 70s, and
seized up stiff from all the exertion of yesterday), and with a
screwdriver or like pull down upon a manual release mechanism. The door remained firmly closed. Eventually, realising that perhaps I'd over
loaded the machine, I got it open by repeating the above, this time
pushing inwards on the door. I split the load in two, and now thank
heavens it's spinning. The sun is out, the wind is blowing, and
hopefully all will be well.

But why make the user wait two minutes even when it's totally unjustified?





--

Fake news kills!

I may be contacted via the contact address given on my website: www.macfh.co.uk


--- PyGate Linux v1.5.15
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

On Tue, 5/26/2026 5:58 AM, Java Jive wrote:

On 2026-05-26 10:06, Paul wrote:

So now I can write on my resume... well no not really ?
That doesn't make me a CSharp programmer. I would get stopped
dead during The Interview, where they ask trick questions that
don't involve "Hello World".

:-)

However, I'm not sure such questions are still asked ... anything involving programming seems to be so badly done these days.ÿ A real world example:

Yesterday I had a really good day.ÿ Against the forecast, it was dry from the early hours, a good wind was blowing, so by afternoon my extensive areas of grass were unexpectedly dry enough to mow, and I was done by 18:00 with what I had expected to have to do today.

Following the rules of the politically incorrectly named Murphy's Law, I shouldn't've expected to be so lucky today, and so it proved.ÿ Last night, assuming that the forecast had at least a chance of being correct, I put in a whites wash (also politically incorrectly named? I'll pass on that!) to complete by 09:00.ÿ When I began to unload it, I realised that the spin cycle had apparently failed, because everything was dripping.ÿ So I stuffed the washing back in, and set a manual spin to go, and stayed to watch what happened.ÿ The drum turned over a few times in one direction only, but only clicked when it should have been turning in the other, and didn't spin.

What's this got to do with programming?ÿ This washing machine is full of sensors for temperature (it has to know when to stop heating the water), and whether the drum is still moving, etc, so it 'knows' the state of things, so why make me wait a maddening two minutes or so before I can open the door when the washing is stone cold and the drum has stopped moving?

Worse still, on this occasion the door wouldn't then open.ÿ The usual fix is to turn the machine off, wait the maddening two minutes, then turn it on for a few seconds and off again, and listen for the click of the relay as you do so.ÿ This time, nothing, nada, zilch.ÿ So then you have to turn it off again, get down on your knees (I'm in my 70s, and seized up stiff from all the exertion of yesterday), and with a screwdriver or like pull down upon a manual release mechanism.ÿ The door remained firmly closed.ÿ Eventually, realising that perhaps I'd over loaded the machine, I got it open by repeating the above, this time pushing inwards on the door.ÿ I split the load in two, and now thank heavens it's spinning.ÿ The sun is out, the wind is blowing, and hopefully all will be well.

But why make the user wait two minutes even when it's totally unjustified?

That's why on the outside of the box it came in, it
says "now with extra puzzles!". You can code up some
cool puzzles for people with all this processor madness.

My new refrigerator, it's playing 4D chess in there,
as it figures out whether a warming chamber in the
machine should be attended to or not. But at least it
doesn't have a two digit "error code" display to provide
amusement value. You know you are in for a good time,
when an appliance has the magical two digits for output.

"It's showing 33"

"Well, tip it on its side, and see if water runs onto the floor"

Paul




--- PyGate Linux v1.5.15
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

On Tue, 5/26/2026 5:06 AM, Paul wrote:

OK, to try to ensure I had a DotNet8 executable, I made my own :-)

Using Visual Studio 2022 (which still accepts the DotNet8 SDK),
I was able to write a CSharp console program. Visual Studio has
Templates for program development -- if I'd made a Windowed version,
it would add the prototype of the "Event Loop" for a windowed application. But with a console program (just runs in terminal), there is
no "glue code" needed at all. And just my luck, the Template
has the write statement for Hello World as part of the Template.
I don't even have to type that line.

I know you don't need it, but here is the result of testing
just the one directory for dotnet8 content. And I got a declaration
of True, but I haven't figured out why my attempt to debug-print
the Assembly Name, that did not work. My knowledge of Powershell,
is pretty minimal.

[Picture] Detect-One-DotNet8.gif

https://postimg.cc/ykfR6DkQ

https://imgur.com/a/apvF7z7

So now I can write on my resume... well no not really :-)
That doesn't make me a CSharp programmer. I would get stopped
dead during The Interview, where they ask trick questions that
don't involve "Hello World".

By having two OSes on the machine, I can test how the program
responds if the dotnet8 is missing. I ran my test program,
without the library being installed for it.

*******
PS H:\Users\Bullwinkle\source\repos\HelloCSharp\bin\Debug\net8.0> .\HelloCSharp.exe

It was not possible to find any compatible framework version
The framework 'Microsoft.NETCore.App', version '8.0.0' (x64) was not found.
- The following frameworks were found:
6.0.4 at [C:\Program Files\dotnet\shared\Microsoft.NETCore.App]

You can resolve the problem by installing the specified framework and/or SDK.

The specified framework can be found at:
- https://aka.ms/dotnet-core-applaunch?framework=Microsoft.NETCore.App&framework_version=8.0.0&arch=x64&rid=win10-x64

PS H:\Users\Bullwinkle\source\repos\HelloCSharp\bin\Debug\net8.0>
*******

The program is most likely to have a manifest.

Length Name
------ ----
425 HelloCSharp.deps.json <=== text file for manifest
4608 HelloCSharp.dll
151552 HelloCSharp.exe <=== fancy EXE with added messages about where to find a library
10512 HelloCSharp.pdb
268 HelloCSharp.runtimeconfig.json <=== text file for manifest

But because these structures hide in an "access denied" area
on the C: drive when installed, these are not "casually accessible"
by visitors to the machine.

You will need to use a search method, which absolutely visits every nook and cranny in the machine, to find such files and examine them for an indicative-manifest.
These are the two JSON files. Real applications likely require some crypto for protection,
and a debug version "won't be signed". If this was an Intel executable, it would be
a Release type of my development folder, rather than the Debug type.

{
"runtimeTarget": {
"name": ".NETCoreApp,Version=v8.0",
"signature": ""
},
"compilationOptions": {},
"targets": {
".NETCoreApp,Version=v8.0": {
"HelloCSharp/1.0.0": {
"runtime": {
"HelloCSharp.dll": {}
}
}
}
},
"libraries": {
"HelloCSharp/1.0.0": {
"type": "project",
"serviceable": false,
"sha512": ""
}
}
}

or perhaps

{
"runtimeOptions": {
"tfm": "net8.0",
"framework": {
"name": "Microsoft.NETCore.App",
"version": "8.0.0"
},
"configProperties": {
"System.Runtime.Serialization.EnableUnsafeBinaryFormatterSerialization": false
}
}
}

If you make a Macrium backup of C: , then mount the MRIMG and tick the
"allow access to restricted areas", you can then scan the K: virtual drive
for the material in question (some likely-looking JSON file). In a test I
did, I used WSL2 and visited /mnt/k in Linux, and the unrestricted access
does not work in there. K: virtual drive is only unrestricted at
the Windows host level. Which is a bit strange. And as you might expect,
if you're in WSL2 and looking at /mnt/c , you also cannot get into the restricted areas from there. While Macrium does give us a way of getting
into these places, it's a bit limited as to exactly how many
environments that works in.

Paul

--- PyGate Linux v1.5.15
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

On Tue, 26 May 2026 13:11:49 -0700
T <T@invalid.invalid> wrote:

On 5/26/26 11:13 AM, Paul wrote:

That's why on the outside of the box it came in, it
says "now with extra puzzles!". You can code up some
cool puzzles for people with all this processor madness.

I don't want to brag, But I finished the puzzle in a
week and it said 2-4 years on the box.

Sorry, I've never solved .NET runtime. Probably never will.

I believe wasting processor power is now the remit of the AI boom
entrepeneurs.
--
Bah, and indeed Humbug.

--- PyGate Linux v1.5.15
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)