
‎11-03-2022 01:15 PM - last edited on ‎04-02-2024 09:29 AM by Mercedes_O
We have started evaluating Security Insights and came across a bug in detection. This example is detecting CVE-2022-34722 on Windows servers/clients. To fix this, "2022-09 Cumulative Update for Windows Server 2016 for x64-based Systems (KB5017305)" is required to be installed. We completed Windows updates on some of the affected servers and waited for the next detection cycle. To our surprise, the CVE was still detected.
Upon further investigation, the servers we patched didn't get the cumulative update for September, but skipped it and installed the one for October (KB5018411). When we try to manually install the September one, it says it is not applicable.
Is there a way to detect if this CVE was patched with a future Cumulative update?
Labels: Security

‎11-18-2022 04:40 PM
In addition, the case you described has extra complexity coming from the fact that you are installing the hotfix as part of a cumulative update. Then, there are three possibilities:
- The CVE reflects in its definition the specific KB fixing the vulnerability.
- The CVE reflects the KB and also the cumulative update/s containing the KB (best case).
- The CVE does not reflect the KB nor the cumulative patch in the definition (worst case).
As we are aware of this situation (for example, Microsoft is not updating all its CVEs with the corresponding patches), we are researching different ways to enrich our solution to be able to detect the installed patches independently from the CVE definition. It is something that will take some time to achieve, so if you are interested I can keep you posted on our progress.
Also, do not hesitate to reach out to us with any other doubts or feedback by posting a question in the community or writing directly to us.
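As an added illustration (not code from this thread or from the product), this is the host-side check the question and reply are circling around: a CVE counts as patched when the fix KB itself, or any cumulative update that supersedes it, is installed. The supersedence map and the Get-HotFix style output are constructed for the example, and KB5019964 is an assumed later update used only to show a multi-step chain.

```python
"""Decide whether a CVE's fix is present when the fixing KB may have been
replaced by a later cumulative update.  Data below is constructed for the
example; real supersedence comes from the Microsoft Update Catalog or WSUS."""
import re
from collections import deque

# CVE -> KBs that first shipped the fix (from the thread: CVE-2022-34722 on
# Windows Server 2016 is fixed by the September 2022 CU, KB5017305).
CVE_FIX_KBS = {"CVE-2022-34722": {"KB5017305"}}

# KB -> KBs that supersede it.  KB5018411 (October 2022 CU) superseding
# KB5017305 is the thread's scenario; the second entry is hypothetical.
SUPERSEDED_BY = {
    "KB5017305": {"KB5018411"},
    "KB5018411": {"KB5019964"},  # assumed later CU, for a multi-step chain
}

# Constructed Get-HotFix style output for a host that skipped September.
# KB5000001 is a placeholder for some unrelated update.
SAMPLE_HOTFIX_OUTPUT = """\
Source  Description      HotFixID   InstalledBy          InstalledOn
------  -----------      --------   -----------          -----------
SRV01   Update           KB5018411  NT AUTHORITY\\SYSTEM  10/20/2022
SRV01   Security Update  KB5000001  NT AUTHORITY\\SYSTEM  9/15/2022
"""

def installed_kbs(hotfix_output):
    """Extract KB identifiers from Get-HotFix style text."""
    return set(re.findall(r"\bKB\d{6,7}\b", hotfix_output))

def covering_kbs(kb, superseded_by=SUPERSEDED_BY):
    """The KB itself plus every KB that transitively supersedes it."""
    seen, queue = {kb}, deque([kb])
    while queue:
        for newer in superseded_by.get(queue.popleft(), ()):
            if newer not in seen:
                seen.add(newer)
                queue.append(newer)
    return seen

def is_cve_patched(cve, installed, fixes=CVE_FIX_KBS, superseded_by=SUPERSEDED_BY):
    """True if some installed KB is a fix KB or supersedes one.  A CVE whose
    definition names no KB (the reply's worst case) cannot be evaluated and
    is reported as unpatched rather than silently marked safe."""
    return any(covering_kbs(kb, superseded_by) & set(installed)
               for kb in fixes.get(cve, ()))

if __name__ == "__main__":
    kbs = installed_kbs(SAMPLE_HOTFIX_OUTPUT)
    print("CVE-2022-34722 patched:", is_cve_patched("CVE-2022-34722", kbs))
```

Feeding the host's real Get-HotFix output and a supersedence map pulled from the Update Catalog turns this into a check that does not depend on the CVE definition naming every cumulative update.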
