AnsweredAssumed Answered

SCCM & Qualys Detection of Installed Patches

Question asked by Tony Ramsey on Mar 4, 2015
Latest reply on Jul 23, 2015 by Scott Rockstad

All,

 

We have a very large environment and use SCCM for deployment of monthly patches to address vulnerabilities.

The issue:

A patch for a vulnerability gets installed via SCCM. However, when Qualys scans it still detects and reports on the vulnerability.

The issue seems to be that a certain DLL file is not updated by Microsoft's SCCM after installation of the patch.

A specific case that I can refer to is the recent  Microsoft's Bulletin for MS14-023 (Vulnerabilities in Microsoft Office Could Allow Remote Code Execution )

This patch is installed; however, Qualys seems to flag the file's modified date for the specific DLL as being incorrect. please see Qualys' output below-

 

HKLM\SOFTWARE\Microsoft\Office\15.0\Common\ProductVersion LastProduct = 15.0.4569.1506
Current file modified date: {minute=55, day=23, hour=19, second=52, year=2014, month=1}
File modified date for %ProgramFiles%\Microsoft Office\Office15\PROOF\1033\MSGR3EN.DLL should be (YYYY-MM-DD HH:MM:SS): 2014-4-24 0:0:0 or higher.
Microsoft Office 2013 Installed#

 

Any feedback on this issue would be much appreciated-wondering if anyone else has experienced this issue and how the issue was resolved.


thanks

Tony Ramsey

Outcomes