The article (https://www.manageengine.com/products/self-service-password/help/admin-guide/Application/sync/password-sync-agent-native-password-reset.html)  says Domain controller should have Microsoft .NET Framework 2.0 or 3.5 for password sync agent to work, but both these versions are vulnerable (refer https://www.cvedetails.com/vulnerability-list/vendor_id-26/product_id-2002/opbyp-1/Microsoft-.net-Framework.html ). As per Microsoft the stable and non-vulnerable .net is NET Framework 4.8. Can you help me clarify what needs to be done and can we run password sync agent on 4.8. If not then when will ManageEngine move to 4.8. 

Can you advice what to do?