07-07-2023 03:05 PM - edited 08-07-2023 10:43 AM
Latest Update [07/08/2023 11h]: The fix that resolves the correlation engine’s performance issues was pushed to production and is now available to all users. Update your Lansweeper scanner to the latest version to ensure your installation works as expected. Older or legacy versions of Windows will be covered in the next few weeks.
Latest update [11/07/2023 16:30h]: A rollout of the fix is available for all users, customers with the latest version of Lansweeper will now no longer see false positives for:
Windows Server 2022
Windows 11
Windows 10
Windows Server 2019
Windows Server 2016
Our team is currently working on extending this list to older versions of Windows and Windows server.
Update [07/07 15:00]: A partial fix has already been applied to our data pipeline; the result will become visible as Lansweeper refreshes your scanning results over the next few days
Our vulnerability correlation engine is currently suffering performance issues related to Microsoft vulnerabilities. More specifically, it is not properly recognizing cumulative patching and will incorrectly show an excessive number of active vulnerabilities with a high confidence score.
The issue occurs more frequently with older Lansweeper technology that does not leverage the latest version of our software normalisation engine.
To minimize false positives make sure all your lansweeper components are up to date;
Keep in mind that this issue does not impact the way our vulnerability correlation engine works for other vendors. In the absence of Lansweeper’s Vulnerability Risk assessment for cumulative patching on Microsoft, we recommend that you keep Microsoft products patched and up to date.
On to the details:
Our vulnerability resolution engine relies on the National Vulnerability Database of the US Government at its core. However, it’s important to be aware that the database may not always be kept fully up to date, and as a result, there may be instances where false positives occur, indicating vulnerabilities that don’t actually impact an asset. To address this issue, we have integrated additional sources into our system, one of which is the Microsoft Security Response Center (MSRC). This integration allows us to implement two filters for improved accuracy:
The first filter is based on the OS Build number.
The second filter is based on security patches.
By incorporating these additional sources and filters, we aim to enhance the reliability and effectiveness of our vulnerability resolution engine.
However, it’s worth noting that the second filter does have certain limitations. The limitations include the coverage of cumulative patches. We are actively working to integrate cumulative patches into the filter to address this limitation.
Best,
María Orellana
Experience Lansweeper with your own data. Sign up now for a 14-day free trial.
Try Now