This question talks about companies that only support the .NET Framework 4 Client profile for security reasons. But does only allowing use of the .NET Framework Client profile increase security? This answer talks about that being the main case for the Client profile. But that was 8 years ago.
I can see two reasons why using the .NET Framework 4 Client profile is not as secure as it might seem:
- While the surface of the .NET API is smaller than that of the full framework, it is still possible to PInvoke any WinAPI method. So there is not much security here.
- Since it is almost 8 years old, MS might no longer support it by releasing hotfixes for discovered security issues. But I was unable to find any information about this.
Is my reasoning above valid? Are there any other reasons why using only the .NET Framework 4 Client profile might be more secure than running the full and new .NET?