11-03-2022 01:15 PM - last edited on 04-02-2024 09:29 AM by Mercedes_O
We have started evaluating Security Insights and came across a bug in detection. This example is detecting CVE-2022-34722 on Windows servers/clients. To fix this, "2022-09 Cumulative Update for Windows Server 2016 for x64-based Systems (KB5017305)" is required to be installed. We completed Windows updates on some of the affected servers and waited for the next detection cycle. To our surprise, the CVE was still detected.
Upon further investigation, the servers we patched didn't get the cumulative update for September, but skipped it and installed the one for October (KB5018411). When we try to manually install the September one, it says it is not applicable.
Is there a way to detect if this CVE was patched with a future Cumulative update?
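Added example (not part of the original post and not Lansweeper's detection logic): a sketch of why an exact-KB check keeps flagging the host while a check that accepts a later cumulative update for the same product does not. It assumes update titles follow the "YYYY-MM Cumulative Update for <product> (KB…)" pattern quoted in the post; the function names and the sample inventory are hypothetical.

```python
import re

# Constructed inventory. KB5017305, KB5018411 and the 2022-09 title are from the
# post; the 2022-10 titles and the KB0000000 entry are assumed for illustration.
FIX = "2022-09 Cumulative Update for Windows Server 2016 for x64-based Systems (KB5017305)"
INSTALLED = [
    "2022-10 Cumulative Update for Windows Server 2016 for x64-based Systems (KB5018411)",
    "2022-10 Cumulative Update for .NET Framework 4.8 for Windows Server 2016 for x64 (KB0000000)",
]

TITLE_RE = re.compile(r"^(\d{4})-(\d{2}) Cumulative Update for (.+) \((KB\d+)\)$")

def parse_title(title):
    """Return ((year, month), product, kb), or None if not a cumulative update title."""
    m = TITLE_RE.match(title.strip())
    if m is None:
        return None
    year, month, product, kb = m.groups()
    return (int(year), int(month)), product, kb

def parsed(titles):
    """Parse a list of titles, dropping the ones that are not cumulative updates."""
    return [p for p in map(parse_title, titles) if p is not None]

def exact_match(fix_title, installed_titles):
    """Naive check: is the KB named in the advisory itself installed?"""
    fix_kb = parse_title(fix_title)[2]
    return any(kb == fix_kb for _, _, kb in parsed(installed_titles))

def superseding_kb(fix_title, installed_titles):
    """Return the newest installed cumulative update for the same product that was
    released in the fix month or later, or None if there is none."""
    fix_month, fix_product, _ = parse_title(fix_title)
    candidates = [(month, kb) for month, product, kb in parsed(installed_titles)
                  if product == fix_product and month >= fix_month]
    return max(candidates)[1] if candidates else None

if __name__ == "__main__":
    print("exact KB present:", exact_match(FIX, INSTALLED))
    print("covered by:", superseding_kb(FIX, INSTALLED))
```

The product string must match exactly, so the .NET Framework cumulative update in the sample does not count as covering the Windows Server 2016 fix.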
11-18-2022 04:40 PM