Stretch605
Engaged Sweeper III

I've been asked to confirm that my company is patched for CVE-2023-23397 - Microsoft Outlook Elevation of Privilege Vulnerability - Released: Mar 14, 2023 Last updated: Mar 21, 2023

So I opened up my handy dandy Lansweeper MS Patch Tuesday – 2023.03.March report and nothing is green. I checked the updates on several machines, no updates needed, opened Outlook and verified it's up to date.
Rebooted my computer, rescanned, and it's still red. I tried to install the update that Lansweeper suggested. My computer says it's not applicable.

Anyone know of a report that would verify that vulnerability specifically?

Thanks!

Stretch

 

1 ACCEPTED SOLUTION
KevinA-REJIS
Champion Sweeper III

The most likely reason your March Patch Tuesday report shows all red is due to the March update being superseded by later cumulative updates. If you use a later report (depending on your patching schedule, April's or May's), and it's green there you're covered - but that's for Windows OS updates, not Office/Outlook.

For click-to-run Office/Outlook, I've got a report that should work for you (if you're using O365 it will need to be tweaked). For MSI Office/Outlook, if the update shows up in update history, a report should be able to detect it.

Select Distinct Top 1000000 tblAssets_1.AssetID,
  tblAssets_1.AssetName,
  tblSoftwareUni.softwareName,
  tblSoftware.softwareVersion,
  Case
    When tblSoftware.softwareVersion >= '16.0.16130.20306' Then 'black'
    Else 'red'
  End As foregroundcolor
From tblAssets As tblAssets_1
  Inner Join tblSoftware On tblAssets_1.AssetID = tblSoftware.AssetID
  Inner Join tblSoftwareUni On tblSoftwareUni.SoftID = tblSoftware.softID
  Inner Join tblAssetCustom On tblAssets_1.AssetID = tblAssetCustom.AssetID
Where tblSoftwareUni.softwareName Like '%Microsoft Office%en-us%' And
  tblAssetCustom.State = 1
Order By tblSoftwareUni.softwareName,
  tblSoftware.softwareVersion Desc,
  tblAssets_1.AssetName
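
The report above checks the build with a string comparison, which orders versions character by character rather than by build number. The query below is an added example, not part of the original post or of Lansweeper's own reports: it runs both comparisons side by side over constructed sample versions, assuming `softwareVersion` is stored as text and the database is SQL Server 2012 or later. The two result columns differ for builds with fewer digits and for values that are not versions.

```sql
-- Added example: constructed sample versions; only the 16130.20306
-- threshold comes from the thread. Assumes SQL Server 2012 or later
-- (Try_Cast) and four-part versions of the form 16.0.<build>.<revision>.
With SampleVersions (softwareVersion) As (
  Select v
  From (Values
    ('16.0.16130.20306'),  -- exactly the threshold build
    ('16.0.16227.20280'),  -- later five-digit build
    ('16.0.15601.20578'),  -- earlier five-digit build
    ('16.0.9126.2259'),    -- earlier four-digit build
    ('not-a-version')      -- value that does not parse
  ) As t(v)
)
Select softwareVersion,
  -- Text comparison, as in the report: ordered character by character.
  Case
    When softwareVersion >= '16.0.16130.20306' Then 'black'
    Else 'red'
  End As text_compare,
  -- Numeric comparison: ParseName splits on dots (part 2 = build,
  -- part 1 = revision); Try_Cast yields NULL for non-numeric parts,
  -- so unparseable versions fall through to 'red'.
  Case
    When Try_Cast(ParseName(softwareVersion, 2) As int) > 16130 Then 'black'
    When Try_Cast(ParseName(softwareVersion, 2) As int) = 16130
      And Try_Cast(ParseName(softwareVersion, 1) As int) >= 20306 Then 'black'
    Else 'red'
  End As numeric_compare
From SampleVersions
Order By softwareVersion
```

To apply the numeric check in the report, swap its `Case` expression for the `numeric_compare` one, with `tblSoftware.softwareVersion` as the column.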

 


3 REPLIES 3

Just had to modify it for O365 as you suggested, and it worked perfectly! Thank you so much for that, and for explaining why everything from March was showing red

 

KevinA-REJIS
Champion Sweeper III

You're probably seeing everything as red in the March Patch Tuesday report due to those updates being superseded by cumulative updates released after March. If you run one of the later reports (depending on your patching schedule, probably May's), if you see green there you're covered for March - but that's only for Windows, not Office/Outlook.

For click-to-run Office/Outlook, you'll need to look at the build numbers and if they're at 16130.20306 or later you're covered. I'll see if I've got any reports that might work for this. 

For the MSI Office/Outlook, that will be in an update form but I can't remember if those show up in the update history. If they do, a report for it can be created. 
