As of January 20, 2025, significant updates and changes have occurred within the Azure .NET ecosystem, particularly concerning infrastructure and security updates that developers and organizations using .NET should be aware of.Urgent Infrastructure Update RequiredMicrosoft has mandated an urgent update for all .NET developers to their infrastructure by January 7, 2025. This requirement stems from an unexpected change in the distribution of .NET installers and binaries, which are currently hosted on Azure Content Delivery Network (CDN) domains ending inĀ .azureedge.net. Following the bankruptcy of Edgio, which previously managed these domains, Microsoft is transitioning to Azure Front Door CDNs to ensure continued service availability.

Developers are advised to verify if their services are affected by this transition. If no action is taken by the deadline, Microsoft will automatically migrate affected workloads to Azure Front Door. However, this automatic migration will not apply to endpoints with specific domains, such as *.vo.msecnd.net. Users planning to switch to other CDN providers must set the feature flagĀ DoNotForceMigrateEdgioCDNProfiles before January 7 to avoid automatic migration.

January 2025 .NET UpdatesOn January 14, 2025, Microsoft released several servicing updates for both .NET and .NET Framework. These updates include critical security improvements addressing multiple vulnerabilities:

  • CVE-2025-21171: Remote Code Execution Vulnerability in .NET 9.0
  • CVE-2025-21172: Remote Code Execution Vulnerability affecting both .NET 8.0 and 9.0
  • CVE-2025-21176: Denial of Service Vulnerability across various versions including .NET Framework 4.6.2 through 4.8.1
  • CVE-2025-21173: Elevation of Privilege Vulnerability affecting .NET 8.0 and 9.0

The updates also included reliability improvements aimed at addressing issues such as infinite loops in CLR execution.

Recommendations for DevelopersGiven these developments, it is crucial for developers and organizations utilizing Azure .NET services to:

  • Update Infrastructure: Ensure all production and DevOps environments are updated by the January 7 deadline to avoid service disruptions.
  • Apply Security Updates: Regularly check for and apply the latest security updates from Microsoft to mitigate risks associated with vulnerabilities.
  • Consider Custom Domains: To enhance flexibility and reduce risks associated with reliance on default CDN domains, Microsoft recommends adopting custom domains as soon as possible.

These changes underscore the importance of proactive management of cloud infrastructure and security practices within the Azure .NET ecosystem as we move further into 2025.