achurchill
Engaged Sweeper

We have started evaluating Security Insights and came across a bug in detection. This example is detecting CVE-2022-34722 on Windows servers/clients. To fix this, "2022-09 Cumulative Update for Windows Server 2016 for x64-based Systems (KB5017305)" is required to be installed. We completed Windows updates on some of the affected servers and waited for the next detection cycle. To our surprise, the CVE was still detected.

Upon further investigation, the servers we patched didn't get the cumulative update for September, but skipped it and installed the one for October (KB5018411). When we try to manually install the September one, it says it isn't applicable.

Is there a way to detect if this CVE was patched with a future Cumulative update?

3 replies
edu_ayus
Product Team
Sorry for the delay in our answer, but we were performing some improvements in the community.
The quick answer to your question is that we would always detect it as long as the patch is properly reflected in the CVE.
In addition, the case you described has extra complexity coming from the fact that you are installing the hotfix as part of a cumulative update. Then, there are three possibilities:
  • The CVE reflects in its definition the specific KB fixing the vulnerability.
  • The CVE reflects the KB and also the cumulative update/s containing the KB (best case)
  • The CVE does not reflect the KB nor the cumulative patch in the definition (worst case)
Specifically for the CVE-2022-34722, we are in the third case, so an installed patch would not be detected.
As we are aware of this situation and, for example, Microsoft is not updating all its CVEs with the corresponding patches, we are researching different ways to enrich our solution to be able to detect the installed patches independently from the CVE definition. It is something that will take some time to achieve, so if you are interested I can keep you posted on our progress.
Also, do not hesitate to reach us with any other doubts or feedback by posting a question in the community or writing directly to us.
Thanks!

Any update on this 2 years later? Risk Insights seems to suffer from this same shortcoming. Basing remediation on Microsoft forever keeping a CVE article page up to date, rather than checking a file version on the machine or referencing patches that supersede the ones in the original CVE document, seems like a big shortcoming.
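The Product Team reply above explains why the scanner misses the fix: CVE-2022-34722's definition names neither KB5017305 nor the cumulative updates that contain it, so a host that skipped September and went straight to October's KB5018411 never shows the "expected" KB as installed. The follow-up post suggests the two checks that do survive skipped months: the build/file version on the machine, and the list of superseding updates. The script below is an added example for this thread, not Lansweeper code and not something from the original posts. It checks both signals on a Windows Server 2016 host. The KB identifiers are the ones named in the thread; the minimum build revision (UBR) is an assumed placeholder that you must look up in the "OS Build" line of the fixing update's release notes before relying on it.

```powershell
# Added example (not from the thread). Decide whether a host already carries
# the fix for a CVE that was delivered in a monthly cumulative update (CU),
# even if the exact KB named in the advisory is "not applicable" because a
# later CU superseded it. Two independent signals:
#   1. The OS build revision (UBR) from the registry. Every later CU for the
#      same OS version raises the UBR, so "UBR >= revision of the first fixing
#      CU" means the fix is present regardless of which month's CU installed it.
#   2. Get-HotFix, matched against the fixing KB and any superseding CU.
# KB5017305 (September 2022) and KB5018411 (October 2022) are the KBs named in
# the thread. $MinimumUbr is an ASSUMED placeholder value: take it from the
# "OS Build" number in the release notes of the fixing CU.

param(
    [string[]]$FixingOrSupersedingKBs = @('KB5017305', 'KB5018411'),
    [int]$BaseBuild  = 14393,   # Windows Server 2016 build line (from the thread)
    [int]$MinimumUbr = 5356     # ASSUMPTION: revision shipped by the first fixing CU
)

function Get-OsBuildInfo {
    # CurrentBuildNumber and UBR together form the "OS Build" shown in winver,
    # e.g. 14393.5427 for the October 2022 CU on Server 2016.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $v = Get-ItemProperty -Path $key
    [pscustomobject]@{
        Build = [int]$v.CurrentBuildNumber
        Ubr   = [int]$v.UBR
    }
}

function Test-CvePatched {
    param([int]$BaseBuild, [int]$MinimumUbr, [string[]]$Kbs)

    $os = Get-OsBuildInfo

    # Signal 1: same OS build line and revision at or beyond the fixing CU.
    # This is the check that still passes when the September KB was skipped.
    $buildOk = ($os.Build -eq $BaseBuild) -and ($os.Ubr -ge $MinimumUbr)

    # Signal 2: the fixing KB or any listed superseding CU appears as installed.
    $installed = Get-HotFix | Select-Object -ExpandProperty HotFixID
    $kbHits = @($Kbs | Where-Object { $installed -contains $_ })

    [pscustomobject]@{
        ComputerName   = $env:COMPUTERNAME
        OsBuild        = "$($os.Build).$($os.Ubr)"
        BuildAtOrAbove = $buildOk
        MatchingKBs    = ($kbHits -join ', ')
        Patched        = $buildOk -or ($kbHits.Count -gt 0)
    }
}

Test-CvePatched -BaseBuild $BaseBuild -MinimumUbr $MinimumUbr -Kbs $FixingOrSupersedingKBs
```

Run it locally on an affected server, or wrap the call in Invoke-Command against the list of hosts the scanner flags, and compare its Patched column with the scanner's verdict. The UBR comparison is the robust signal: it does not depend on Microsoft ever updating the CVE page, and it is the same information a scanner would need to evaluate "fixed in build X or later" instead of "KB Y installed". The Get-HotFix match is kept as a cross-check and only helps when the superseding KB list is maintained by hand.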

Hi, I would also like an update or a response to this. We have many devices that are being flagged as not having Windows updates throughout different months; however, the devices are fully up to date. They are just getting flagged because they have been offline for a few months, then they have come online and been patched up to date, but are apparently missing 'CVE' or CareCERTs, even though they are fully up to date and no more updates are available.

How can we resolve this? We have 111 devices out of 2500 saying they are not up to date; however, the majority of them are actually patched and up to date.
