For anyone who runs vulnerability scans on their devices, I can almost guarantee you’re constantly battling with .NET versions that are no longer supported or out of date, with the most recent being Dot Net 6.
In this post, I’m going to outline my recommendations to help assist in the battle.
Enabling Auto Updates
Within Windows Updates, you can enable Receive updates for other Microsoft products.

Once this has been enabled, any update available for the Dot Net version on your device will get installed. What I like about this is that once you’ve created your Update Policy/Schedule, you can just leave it. Next time updates are triggered, it won’t only update Windows, but also Dot Net.
To enable this manually, go to Settings > Windows Updates > Advanced options and turn on the toggle switch.
If you have loads of machines where you want to enable this setting, it could be done through a Group Policy or by pushing out a PowerShell script via your RMM (Remote Monitoring and Management) tool.
(New-Object -ComObject "Microsoft.Update.ServiceManager").AddService2("7971f918-a847-4430-9279-4a52d1efe18d", 7, "")
If you’re worried about what other Microsoft products it updates too, Microsoft have released a full list here…
Uninstalling Other Versions*
Unfortunately, there isn’t a simple way to remove old/end of life versions without installing the Dot Net uninstallation tool via Microsoft/GitHub – .NET uninstall. If you don’t want the tool, it is a manual job of using Control Panel (if you do know a way, let me know).
Once the tool has been installed, you can then use PowerShell scripts to remove old versions. You do need to restart the machine after installation. The installer is an MSI file, so you can push it out via an RMM tool, Intune or Group Policy with ease.
An example of a script:
dotnet-core-uninstall remove --all-below 8.0.5 --runtime
The above states that if there is a version of Runtime below version 8.0.5, then uninstall it. I often just update the versioning number…
*Disclaimer: Please note, there are some applications that may require old versions of .NET to run and function. If you remove these versions, it can cause applications to stop working.
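Given that risk, it helps to see what sits below the threshold and preview the removal before running it. The PowerShell below is an added example, not part of the original post: it parses `dotnet --list-runtimes`, lists every runtime below an assumed threshold of 8.0.5, and then calls the uninstall tool's `dry-run` command; the function name Get-OldDotNetRuntime and the fallback sample lines are constructed for illustration.

```powershell
# Added example (not from the original post). The threshold and the sample
# lines are assumptions for illustration.
$Threshold = [version]'8.0.5'

function Get-OldDotNetRuntime {
    param([string[]]$Lines, [version]$Below)
    foreach ($line in $Lines) {
        # `dotnet --list-runtimes` prints: <Name> <Version> [<InstallPath>]
        if ($line -match '^(?<name>\S+)\s+(?<ver>\d+\.\d+\.\d+)(?<pre>-\S+)?\s+\[(?<path>.+)\]$') {
            $ver = [version]$Matches['ver']
            if ($ver -lt $Below) {
                [pscustomobject]@{
                    Name    = $Matches['name']
                    Version = $ver
                    Path    = $Matches['path']
                }
            }
        }
    }
}

# Use the live list when the dotnet host is installed; otherwise fall back to
# constructed sample lines so the script still runs.
if (Get-Command dotnet -ErrorAction SilentlyContinue) {
    $lines = & dotnet --list-runtimes
} else {
    $lines = @(
        'Microsoft.NETCore.App 6.0.36 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App]'
        'Microsoft.AspNetCore.App 6.0.36 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App]'
        'Microsoft.NETCore.App 8.0.5 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App]'
    )
}

$old = @(Get-OldDotNetRuntime -Lines $lines -Below $Threshold)
if ($old.Count -eq 0) {
    Write-Output "No runtimes below $Threshold found."
} else {
    $old | Sort-Object Name, Version | Format-Table -AutoSize
    # dry-run only lists what `remove` with the same options would uninstall.
    if (Get-Command dotnet-core-uninstall -ErrorAction SilentlyContinue) {
        & dotnet-core-uninstall dry-run --all-below $Threshold --runtime
    }
}
```

The inventory covers every shared framework that `dotnet --list-runtimes` reports, while `--runtime` on the uninstall tool targets the .NET Runtime only. Compare both lists against the applications on the machine before switching `dry-run` to `remove`.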
