06-06-2023 06:18 PM
I've been asked to confirm that my company is patched for CVE-2023-23397 - Microsoft Outlook Elevation of Privilege Vulnerability - Released: Mar 14, 2023 Last updated: Mar 21, 2023
So I opened up my handy dandy Lansweeper MS Patch Tuesday – 2023.03.March report and nothing is green. I checked the updates on several machines, no updates needed, opened Outlook and verified it's up to date.
Rebooted my computer, rescanned, and it's still red. I tried to install the update that Lansweeper suggested. My computer says it's not applicable.
Anyone know of a report that would verify that vulnerability specifically?
Thanks!
Stretch
06-06-2023 08:01 PM
The most likely reason your March Patch Tuesday report shows all red is due to the March update being superseded by later cumulative updates. If you use a later report (depending on your patching schedule, April's or May's), and it's green there you're covered - but that's for Windows OS updates, not Office/Outlook.
For click-to-run Office/Outlook, I've got a report that should work for you (if you're using O365 it will need to be tweaked). For MSI Office/Outlook, if the update shows up in update history, a report should be able to detect it.
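Select Distinct Top 1000000 tblAssets_1.AssetID,
  tblAssets_1.AssetName,
  tblSoftwareUni.softwareName,
  tblSoftware.softwareVersion,
  -- Compare build and revision as integers: compared as text,
  -- a four-digit build such as 9126 sorts after 16130.
  Case
    When Try_Cast(ParseName(tblSoftware.softwareVersion, 2) As int) > 16130
      Then 'black'
    When Try_Cast(ParseName(tblSoftware.softwareVersion, 2) As int) = 16130 And
      Try_Cast(ParseName(tblSoftware.softwareVersion, 1) As int) >= 20306
      Then 'black'
    Else 'red'
  End As foregroundcolor
From tblAssets As tblAssets_1
  Inner Join tblSoftware On tblAssets_1.AssetID = tblSoftware.AssetID
  Inner Join tblSoftwareUni On tblSoftwareUni.SoftID = tblSoftware.softID
  Inner Join tblAssetCustom On tblAssets_1.AssetID = tblAssetCustom.AssetID
-- State = 1 limits the report to active assets
Where tblSoftwareUni.softwareName Like '%Microsoft Office%en-us%' And
  tblAssetCustom.State = 1
Order By tblSoftwareUni.softwareName,
  tblSoftware.softwareVersion Desc,
  tblAssets_1.AssetName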
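Added example, not part of the original posts: a stand-alone query that classifies click-to-run version strings against the 16.0.16130.20306 threshold from this thread, showing a plain text comparison beside a per-part integer comparison. The sample rows, the SampleSoftware and Parsed names, and the TextCompare and NumericCompare columns are constructed for illustration, and SQL Server 2012 or later is assumed for Try_Cast.

```sql
-- Constructed sample rows (not real inventory data).
With SampleSoftware (AssetName, softwareVersion) As (
  Select v.AssetName, v.softwareVersion
  From (Values
    ('PC-A', '16.0.16130.20306'),  -- exactly the threshold build
    ('PC-B', '16.0.16227.20280'),  -- later build
    ('PC-C', '16.0.16130.20218'),  -- same build, earlier revision
    ('PC-D', '16.0.9126.2116'),    -- older build with a four-digit build number
    ('PC-E', '15.0.5529.1000'),    -- earlier major version
    ('PC-F', 'unknown')            -- value that is not a version at all
  ) As v (AssetName, softwareVersion)
),
-- ParseName counts parts from the right: 4 = major ... 1 = revision.
-- Try_Cast yields NULL for anything that is not an integer.
Parsed As (
  Select AssetName,
    softwareVersion,
    Try_Cast(ParseName(softwareVersion, 4) As int) As Major,
    Try_Cast(ParseName(softwareVersion, 3) As int) As Minor,
    Try_Cast(ParseName(softwareVersion, 2) As int) As Build,
    Try_Cast(ParseName(softwareVersion, 1) As int) As Revision
  From SampleSoftware
)
Select AssetName,
  softwareVersion,
  -- Character-by-character comparison of the whole string
  Case
    When softwareVersion >= '16.0.16130.20306' Then 'black'
    Else 'red'
  End As TextCompare,
  -- Part-by-part integer comparison; NULL parts fall through to 'red'
  Case
    When Major > 16 Then 'black'
    When Major = 16 And Minor > 0 Then 'black'
    When Major = 16 And Minor = 0 And Build > 16130 Then 'black'
    When Major = 16 And Minor = 0 And Build = 16130 And Revision >= 20306
      Then 'black'
    Else 'red'
  End As NumericCompare
From Parsed
Order By AssetName;
```

Rows where the two columns disagree are the ones a text comparison would report as patched when the numeric build is below the threshold.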
06-06-2023 08:31 PM
Just had to modify it for O365 as you suggested, and it worked perfectly! Thank you so much for that, and for explaining why everything from March was showing red.
06-06-2023 07:42 PM
You're probably seeing everything as red in the March Patch Tuesday report due to those updates being superseded by cumulative updates released after March. If you run one of the later reports (depending on your patching schedule, probably May's), if you see green there you're covered for March - but that's only for Windows, not Office/Outlook.
For click-to-run Office/Outlook, you'll need to look at the build numbers and if they're at 16130.20306 or later you're covered. I'll see if I've got any reports that might work for this.
For the MSI Office/Outlook, that will be in an update form but I can't remember if those show up in the update history. If they do, a report for it can be created.