Why does a Qualys scan detect Microsoft Office Remote Code Execution vulnerabilities again and again even after the appropriate patches are installed?
Is there any solution to this?
Please see below where I have pasted the contents of our 'Online Help' article titled 'Windows False Positives'.
The first step to take is to review the Results section of the QID for the host. This will show you the specific reasoning for the vulnerability posting for that host. Please note that we do not simply check whether the patch is installed (as Windows Installer and SCCM do); we also check for any vulnerable files left behind. Often this is some sort of DLL file that will be noted in the Results section.
If you have verified that the file we located does not exist on the host, please open a Support case and provide us with the raw scan results in PDF format. Go to Help > Contact Support to reach us.
If the file is still present on the host, you may need to uninstall the patch and install it again. We recommend you refer to the vendor documentation in this case.
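An added example, not code from Qualys or from this thread, showing how an administrator would carry out the check the answer describes in PowerShell: confirm whether the file named in the QID Results section is still on disk and, as an assumption beyond the answer, compare its file version against the fixed build. The path and fixed version are placeholders to be replaced with the values taken from the scan Results.

```powershell
# Added example (not Qualys code): verify a file cited in the QID Results section.
# Both defaults are placeholders; take the real path and fixed build from the scan Results.
param(
    [string]$Path = 'C:\Program Files\Microsoft Office\root\Office16\EXAMPLE.DLL',  # placeholder
    [string]$FixedVersion = '16.0.0.0'                                              # placeholder
)

function Test-VulnerableFile {
    param([string]$FilePath, [version]$MinimumVersion)

    if (-not (Test-Path -LiteralPath $FilePath -PathType Leaf)) {
        # The file the scanner reported is gone: this is the "open a Support case" branch.
        return [pscustomobject]@{ Path = $FilePath; Exists = $false; Version = $null; Vulnerable = $false }
    }

    $raw = (Get-Item -LiteralPath $FilePath).VersionInfo.FileVersion
    # FileVersion is a free-form string; keep only the leading dotted numeric part so it casts to [version].
    $parsed = if ($raw -match '^\s*(\d+(\.\d+){1,3})') { [version]$Matches[1] } else { $null }

    [pscustomobject]@{
        Path       = $FilePath
        Exists     = $true
        Version    = $raw
        # Unparseable or older than the fixed build: still the file the QID flags.
        Vulnerable = ($null -eq $parsed) -or ($parsed -lt $MinimumVersion)
    }
}

$result = Test-VulnerableFile -FilePath $Path -MinimumVersion ([version]$FixedVersion)
$result | Format-List

if (-not $result.Exists) {
    Write-Host 'File not present: gather the raw scan results (PDF) and open a Support case.'
} elseif ($result.Vulnerable) {
    Write-Host 'Old file still on disk: uninstall and reinstall the patch per vendor documentation, then rescan.'
} else {
    Write-Host 'File is at or above the fixed version; re-check the Results section for a different file.'
}
```

Run it on the host the QID was posted against, once per file listed in the Results section, before deciding between the Support case and the reinstall path.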