AnsweredAssumed Answered

MS17-010 and Legacy Systems

Question asked by Abner Almeida on May 14, 2017
Latest reply on May 14, 2017 by Robert Dell'Immagine

Hello, community

 

Microsoft has released KB4012598 for Legacy Systems (Windows XP, Server 2003, Vista, 8 etc). Does any of the QIDs available in the knowledgebase detect that this KB is missing in any of the systems? Was there any update in the available QIDs to get adjusted to this new patch, since until May 12nd there was no update for legacy systems?

 

Let me quote  adamc from his post in the community

 

87284 :

The scanner check if the IIS version and OS version. If both are matched the criteria that means that there is vulnerability.

 

91345 :

The system check what is the version of the affected file and if the fixing patch is being implemented than the it means that the fix is being applied.

 

91357 :

The vulnerability can be exploited by the "ETERNALCHAMPION" tool and that's why it has been flagged. 

Microsoft recommends users to update to latest SMB version and stop using SMBv1. Refer to Microsoft KB article KB2696547 for more details.

 

91359 :

The Scanner is checking the operating system and if the patch is being installed (MS17_010)

 

91360 :

The vulnerability can be exploited by the "ETERNALBLUE" tool and that's why it has been flagged.

 

 

91361 :

The vulnerability can be exploited by the "ETERNALSYNERGY" tool and that's why it has been flagged.

 

Are these QIDs able to detect whether or not the KB4012598 is missing?

Our technical teams have applied this patch to our legacy systems, but Qualys still flags 'em as vulnerable... Do I need to take any further actions to detect the fix has, in fact, been applied?

Outcomes