Been a while since there was a .NET Security Bulletin, but here is one; please test and then update your systems:
Microsoft Security Bulletin MS07-040 - CriticalVulnerabilities in .NET Framework Could Allow Remote Code Execution (931212)
<http://www.microsoft.com/technet/security/Bulletin/MS07-040.mspx>
I find this section in the FAQ section confusing...don't you? Should have probably said:
If you have .NET 3.0 installed, it requires .NET 2.0 to be installed, so this bulletin applies to you.
It said (oh how pedantic!)
This security bulletin says that .NET Framework 3.0 is non-affected. How does .NET Framework 3.0 relate to the previous versions that are affected? Microsoft .NET Framework 3.0 is a superset of .NET Framework 2.0. Microsoft .NET Framework 3.0 listed as Non-Affected Software in this security update refers to the four new technologies added as the superset to the .NET Framework 2.0. These technologies are: Windows Presentation Foundation (WPF), Windows Workflow Foundation (WF), Windows Communication Foundation (WCF), and Windows CardSpace. The vulnerabilities addressed in this security update do not affect any of the four specific .NET Framework 3.0 technologies. Developers wishing to learn more about the .NET Framework 3.0 and it’s relation to previous version may refer to the following .NET Framework 3.0 Versioning and Deployment MSDN article. Additional information for .NET Framework 3.0 may also be found in the following MSDN article.