Barn Door Security
Office Macros remain Microsoft's Security Kryptonite, Azure BaaS has been shutdown.
🔧 Dave a Brock writes on how to use Configuration with C# 9 Top Level Programs One of the nicer features of C# 9 was pulling out the ceremony of the Main method. Dave uses this blog post to show how you can use configuration in this new world of no Main method. Now if only there weren't years of documentation showing varying ways to use configuration for varying versions of .NET Core.
📔 There's an Adobe Reader 0day vulnerability that's been exploited in the wild this is part of CVE-2021-28550, and as usual patch when you can, as soon as you can.
💣 Fragattacks.com documents "Fragmentation and aggregation attacks" against Wifi. It's shockingly clear from the website name that no one involved ever read about the Vietnam war.
🌼 CVE-2021-31204 is an Elevation of Privilege Vulnerability that affects Single File Deployment applications on Mac and Linux and the latest patch fixes this vulnerability; so again, patch your systems if you're on .NET Core 5.05 or lower, or .NET Core 3.1.14 or lower.
Speaking of that latest patch,
📢 .NET 5.0.6 has been released and includes the CVE fix I mentioned before as well as a smattering of bug fixes.
📢 .NET Core 3.1.15 has been released and has that CVE fix and some SignalR fixes, among others.
📢 Visual Studio 2019 Version 16.9.5 has been released and this update includes a lot of estoric sounding stuff that you'd proably not even realize was an issue. What you would probably notice is that this version now includes Xcode 12.5 support. This version also fixes the aforementioned CVE as well as CVE-2021-27068 which is a Remote Code Execution vulnerability that could affect you if you use Python.exe in a scripts subfolder. If you do use Python with Visual Studio I'd like to point out that you're rarer than an honest politician.
🏴☠️ [Microsoft] Office based malware is "one of the biggest threats to companies" and yet it seemingly gets very little attention from Microsoft on how to mitigate it. Instead of making a better zipper, Microsoft chooses to tattoo "Remember to close the barn door" on people's hands.
📈 Build is May 25-27, 2021 register now to hear three days of Azure Marketing KPIs being realized.
📢 Speaking of Microsoft's Marketing KPIs which, Azure Static Web Apps is now GA. If you have a static website, and you aren't enamored by the plethora of other possibilities for static site generation, to include Hugo, Ghost, Netily, Github pages, you now have... Azure. The least cool (and probably most corporate) option.
⏩ FileStream operations are getting faster in .NET 6 to the tune of 2.5 times faster reading a 1MB file, and writing is 5.5 times faster. If you're an allocation junkie, they drop in .NET 6 from 39Kb to 192 bytes. For all you corporate behemoths out there that have corned your market, it appears that blowing everything up and starting over does have some perks.
🛅 Microsoft is shutting down its Azure Blockchain Service which was abbreviated "BaaS", which I maintain stands for "Bullshit as a Service".
📢 Visual Studio 16.10 Preview 3 has been released and the big note here is that the compiler is now "C++20 feature-complete". I've never actually seen a masochist in the wild; but I have to believe someone that still uses C++ qualifies. For the rest of us, There are improvements in MSBuild based code-bases. I have no idea what that means but if it affects you, you probably do.
🎁 try-convert v0.7.226301 has been released If you want to port .NET Framework projects to .NET Core, try-convert is your huckleberry. Also, holy cow does Microsoft's versioning vary among teams.
🏫 Let's Learn .NET: Accessibility is happening on May 21, 2021. This big note here is that not only will you learn more about accessilbility in general and using ASP.NET Core, you'll also learn how to improve Accessibility in Xamarin.
That's it for what happened Last Week in .NET, Thank you, and I'll see you next week.