cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Adri
Engaged Sweeper III

please see attached document for details CVE-2020-1193 is detected but when applying the suggested remediation from Microsoft kb4484466 for 32 bits office 2016 I get message that no applicable product is found, any ideas?

 

1 REPLY 1
IainCaldwell
Lansweeper Employee
Lansweeper Employee

@Adri  thanks for the feedback.  I'm checking in with our engineering team, but I think its a false positive.

I think the issue we are finding is that the NIST data feed just focuses on the top level version number and then doesn't really recognise that a patch has been applied.

We are investigating a way that we can dig further in the details from vendors to get the lower level version number to avoid this.  In the short term to ensure it doesn't keep showing we are going to put some simple functions to allow the user to tell an asset to be ignored with relation to that vulnerability (its not idea but in the short term will allow users to remove a bit of the noise).

Again thanks for the feedback and please keep it comming.

 

PS.  I'll come back and update when I hear from engineer 🙂