AnsweredAssumed Answered

Microsoft Security Patches and File Versions Vulnerabilities

Question asked by Dan Salt on Jul 17, 2018
Latest reply on Jul 17, 2018 by Busby

Hi All,

 

We've been chasing out tails with a few detected vulnerabilities lately. The basic pattern is...Qualys detects that a patch is missing. The result for this is that file X.Y is a particular version, and that is why it is stating it is missing. Generally these are within System32 so a nightmare to just copy over if that is even what is been required. As well as this, when scanned with Nessus, the vulnerability doesn't show.

 

As a more exact example...We have a server that is showing QID 91452. Screenshot attached or epxlained below...

 

The results section states:

KB4284878 or KB4284815 is not installed
%windir%\system32\Ntoskrnl.exe Version is 6.3.9600.19000

When trying to install the patch, we get the expected error or already installed or does not apply.

 

Additionally the version of this file, when checked through properties > details is 6.3.9600.19067. Powershell supports this though sometimes powershell shows the same version as Qualys.

 

Can anyone point us in the right direction for cleaning these vulnerabilities up efficiently?

Attachments

Outcomes