Hello MQ community users,
We have received an notification alert from our internal vulnerability team, which advises us to uninstall all obsolete.NET Core versions (v 1.x, v2.1, v3.1, v5)
detected -by scan tool- on Windows MQ hosts ver 9.2.0.5 LTS (Win Server 2016, Win Server 2019) for corp security purposes (KPI index optimization).
Given that IBM MQ has its own libraries for .NET Framework & .NET Standard/Core, upon its installation, in order to provide the .NET framework/.NET standard classes to the corresponding MQ API clients, is it safe -in terms of MQ functionality & stability- to uninstall those .NET core versions, since they are not utilized by IBM MQ component itself?
FYI, these .NET core versions have been installed as part of the prebuild Windows Server image.
Btw, the same vulnerability has been identified on several other Windows Server hosts where IBM MQ clients (ver 9.2.0.5, v9.3.0.1) co-exist with .NET framework/NET Standard-Core based windows services, but in this case, I assume it is a matter of investigation about the version of .NET framework/NET standard-core libraries being utilized by each windows service (feedback from app service owner), in order to decide on which .NET core versions can be safely uninstalled.
Any advise on the above will be much appreciated.
Cheers, Nick.
------------------------------
NICK DAKORONIAS
Application Integration & Middleware Solution Certified Specialist
Kyndryl
Athens
------------------------------