This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Community FAQ
Register | Log In
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Lansweeper Community
- Forums
- General Discussions
- Issues with windows update versions and detected C...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Register to ask a question, start a topic or share an idea
Join the Community
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-03-2022 01:15 PM - last edited on 04-02-2024 09:29 AM by Mercedes_O
We have started evaluating Security Insights and came across a bug in detection. This example is detecting CVE-2022-34722 on windows servers/clients. To fix this "2022-09 Cumulative Update for Windows Server 2016 for x64-based Systems (KB5017305)" is required to be installed. We completed windows updates on some of the affected servers and waited for the next detection cycle. To our surprise the CVE was still detected.
Upon further investigation the servers we patched didn't get the cumulative update for September, but skipped it and installed the one for October (KB5018411). When we try to manually install the September one it says isn't not applicable.
Is there a way to detect if this CVE was patched with a future Cumulative update?
Labels:
- Labels:
-
Security
1 REPLY 1
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-18-2022 04:40 PM
Hi @achurchill,
Sorry for the delay in our answer, but we were performing some improvements in the community.
The quick answer to your question is we would detect it always the patch is properly reflected on the CVE.
In addition, the case you described has an extra complexity coming from the fact you are installing the hotfix as part of a cumulative update. Then, there are three possibilities:
In addition, the case you described has an extra complexity coming from the fact you are installing the hotfix as part of a cumulative update. Then, there are three possibilities:
- The CVE reflects in its definition the specific KB fixing the vulnerability.
- The CVE reflects the KB and also the cumulative update/s containing the KB (best case)
- The CVE does not reflect the KB nor the cumulative patch in the definition (worst case)
Specifically for the CVE-2022-34722, we are in the third case, so an installed patch would not be detected.
As we are aware of this situation and for example, Microsoft is not updating all its CVEs with the corresponding patches, we are researching different ways to enrich our solution to be able to detect the installed patches independently from the CVE definition. It is something it will take some time to achieve, so if you are interested I can keep you posted on our progress.
Also do not hesitate to reach us with any other doubts or feedback by posting a question in the community or writing directly to us.
As we are aware of this situation and for example, Microsoft is not updating all its CVEs with the corresponding patches, we are researching different ways to enrich our solution to be able to detect the installed patches independently from the CVE definition. It is something it will take some time to achieve, so if you are interested I can keep you posted on our progress.
Also do not hesitate to reach us with any other doubts or feedback by posting a question in the community or writing directly to us.
Thanks!
General Discussions
Find answers to technical questions about Lansweeper.
New to Lansweeper?
Try Lansweeper For Free
Experience Lansweeper with your own data. Sign up now for a 14-day free trial.
Try Now
Related Content
- Report Show devices that have a Windows version less than 22H2 in Reports & Analytics
- Missing entries from tsysOS table in General Discussions
- When does an Asset Radar asset stop being an Asset Radar asset? in General Discussions
- Trying or edit a report for Windows drivers error on Query screen. Windows: Installed PNP drivers in General Discussions
- OS: Not latest Build of Windows XXX - error with version numbers in Reports & Analytics
