This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Community FAQ
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

possible false CVE positive on office 2016 click to run

Adri
Engaged Sweeper III

‎08-10-2022 08:49 AM - last edited on ‎04-02-2024 07:48 AM by Community Manager

please see attached document for details CVE-2020-1193 is detected but when applying the suggested remediation from Microsoft kb4484466 for 32 bits office 2016 I get message that no applicable product is found, any ideas?

 

Labels:
Preview file
146 KB
0 Kudos
1 REPLY 1
IainCaldwell
Lansweeper Employee
Lansweeper Employee

‎08-10-2022 10:58 AM

@Adri  thanks for the feedback.  I'm checking in with our engineering team, but I think its a false positive.

I think the issue we are finding is that the NIST data feed just focuses on the top level version number and then doesn't really recognise that a patch has been applied.

We are investigating a way that we can dig further in the details from vendors to get the lower level version number to avoid this.  In the short term to ensure it doesn't keep showing we are going to put some simple functions to allow the user to tell an asset to be ignored with relation to that vulnerability (its not idea but in the short term will allow users to remove a bit of the noise).

Again thanks for the feedback and please keep it comming.

 

PS.  I'll come back and update when I hear from engineer 🙂

New to Lansweeper?

Try Lansweeper For Free

Experience Lansweeper with your own data.
Sign up now for a 14-day free trial.

Try Now