Microsoft warns about the risks of outdated .NET installations. These runtimes are not a core component of Windows, and updating is the administrator’s responsibility. Moreover, applications that rely on them must also be updated.
Microsoft warns about the dangers of outdated .NET runtimes. When these remain in use, security issues arise. The .NET Framework was once a core component of Windows that received automatic updates, but .Net Core does not have this status.
.NET is only installed when applications require the runtime. Microsoft updates .NET through an annual release cycle and currently no longer supports versions older than .NET 8 from 2023. We are now at version 10.
Not just a task for administrators
The situation is a bit more complex than simply updating on time. An update to .NET does not imply that applications are immediately compatible. Every application using a version of .NET must be adapted by the developer to work with the latest version. This requires a change in the code and is therefore not a task that administrators can undertake alone.
Collaboration with developers is therefore important, as is an overview of relevant applications and which version of .NET they use. You can find an overview of this via a tool that Microsoft makes available here. Download it and run the command listdlls.exe -d coreclr.dll -accepteula -v with administrator rights to get an overview.
Insufficiently known
Microsoft finds it necessary to inform administrators of this (long-existing) situation through a detailed blog post. This illustrates that the use of .NET and more specifically updating it correctly is not yet universally done properly.
Those who don’t update risk security issues and instability, as bugs are no longer remediated.