.NET Core

Tech Optimizer
October 28, 2025
QNAP has issued a security advisory urging users of its NetBak PC Agent software to address a significant vulnerability in ASP.NET Core, designated as CVE-2025-55315, with a severity rating of 9.9 out of 10. This vulnerability allows for HTTP request smuggling, which could enable attackers to bypass security measures. QNAP recommends immediate patching of the affected components and has made updates available through software reinstallation or manual installation of the .NET 8.0 Runtime.
Winsage
October 26, 2025
A new Windows 11 update, KB5066835, is causing significant issues by breaking localhost connections, preventing locally hosted apps from communicating with the network. Users are experiencing installation failures and problems with peripherals and accessories. Microsoft has acknowledged the issue and is rolling out an emergency patch, which may take over 48 hours to reach affected PCs. The update disrupts the kernel-mode HTTP server (HTTP.sys), leading to connection failures for apps trying to access localhost. Additionally, the update renders the Windows Recovery Environment (WinRE) unusable, as mice and keyboards do not function within it. Users attempting to reinstall the patch or upgrade to newer builds have reported inconsistent results, with fresh installs of Windows 11 24H2 not experiencing the same issues. Caution is advised against attempting unofficial fixes, as they may destabilize the system. Windows 10 users should ensure their systems are updated with the final security patches or consider purchasing Extended Security Updates for continued support.
Winsage
October 18, 2025
Microsoft has identified a bug affecting HTTP/2 localhost connections and IIS websites after recent Windows security updates, specifically the Windows 11 KB5066835 Patch Tuesday update and the September KB5065789 preview update. Users have reported connection reset errors, such as ERR_CONNECTION_RESET and ERR_HTTP2_PROTOCOL_ERROR, impacting applications like the Duo Desktop app and Visual Studio debugging. The issue is linked to a bug in the HTTP.sys web server used by ASP.NET Core, which can be triggered by various factors including device restarts and update installations. Microsoft has provided steps for resolution, including checking for updates and restarting devices. For non-managed devices, an automatic resolution through Known Issue Rollback (KIR) is available, while enterprise-managed devices require IT administrators to implement KIR group policies. A permanent fix is expected in a future Windows update.
Winsage
October 14, 2025
Microsoft's October 2025 Patch Tuesday addressed 175 vulnerabilities, including two zero-day elevation-of-privilege flaws: CVE-2025-24990, related to the legacy ltmdm64.sys Agere Modem driver, and CVE-2025-59230, affecting the Remote Access Connection Manager. Five vulnerabilities were classified as critical, including CVE-2025-59246 (remote code execution in Azure Entra ID), CVE-2025-55315 (ASP.NET Core vulnerability), CVE-2025-49708 (Microsoft Graphics Component bug), CVE-2025-59287 (Windows Server Update Service flaw), and CVE-2025-59228 (SharePoint vulnerability). The update (KB5066835) also resolved usability issues, such as print preview hangs and input detection failures. Microsoft notified administrators about the expiration of Secure Boot certificates in June 2026. Windows 11 users can install the update via Settings > Windows Update, requiring a system restart and data backup before installation.
Winsage
March 11, 2025
Microsoft released security updates on March 2025 Patch Tuesday, addressing 57 vulnerabilities, including six classified as critical related to remote code execution. The vulnerabilities are categorized as follows: 23 Elevation of Privilege, 3 Security Feature Bypass, 23 Remote Code Execution, 4 Information Disclosure, 1 Denial of Service, and 3 Spoofing. The updates specifically address six actively exploited zero-day vulnerabilities and one publicly disclosed zero-day vulnerability. The zero-day vulnerabilities include:
1. CVE-2025-24983 - Elevation of Privilege in Windows Win32 Kernel Subsystem.
2. CVE-2025-24984 - Information Disclosure in Windows NTFS.
3. CVE-2025-24985 - Remote Code Execution in Windows Fast FAT File System Driver.
4. CVE-2025-24991 - Information Disclosure in Windows NTFS.
5. CVE-2025-24993 - Remote Code Execution in Windows NTFS.
6. CVE-2025-26633 - Security Feature Bypass in Microsoft Management Console.
The publicly disclosed zero-day is:
- CVE-2025-26630 - Remote Code Execution in Microsoft Access.
A comprehensive list of resolved vulnerabilities includes various CVE IDs and their respective titles and severities, with several vulnerabilities affecting Microsoft Office products, Windows components, and Azure services.
Winsage
July 10, 2024
There are several vulnerabilities in various Microsoft products, including .NET Core, Visual Studio, Active Directory Rights Management Services, Azure CycleCloud, Azure DevOps, Azure Kinect SDK, Azure Network Watcher, Intel, Line Printer Daemon Service, and Microsoft Defender for IoT.