
BlueKeep QID91534 - Qualys Scans

Question asked by Junaid Mahomed on Jun 25, 2019
Latest reply on Jul 2, 2019 by Junaid Mahomed

Hi Guys

We have a number of Win 7 machines that are shown as vulnerable from a Qualys perspective BUT compliant from an SCCM perspective, as the relevant patches are applied: KB4499175 and also the monthly rollup KB4499164.

Upon investigation, it seems that the termdd.sys file and PCI.sys file aren't being updated, which then gets flagged by Qualys as not compliant even though the patches are installed and the machines rebooted numerous times.


Scenario 1 - Windows 7 machine

Patches installed, termdd.sys and pci.sys files are updated to KB4499175 - 6.1.7601.24441, compliant on SCCM and Qualys.

Scenario 2 - Windows 7 machine

Patches installed, termdd.sys and pci.sys files aren't updated whilst patching, compliant on SCCM BUT not compliant on Qualys as it's referring to the termdd.sys file being an older version.

Scenario 3 - Windows 7 machine

Patches installed, termdd.sys and pci.sys files NOT updated whilst patching, compliant on SCCM BUT also compliant on Qualys.


It's become very confusing that these types of scenarios are presenting themselves.

I've manually patched the Windows 7 machine as well, using the command prompt to run the MSU file etc.

Please can you shed some light on this, as Qualys is flagging them vulnerable even though the patch is installed. Also, whether the termdd.sys file is changed or not, the Qualys scan will report vulnerable at times and at times it would be compliant.


Thanks

J
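
An added example, not part of the original post: a PowerShell check to run on an affected Windows 7 machine that puts the two views from the question side by side, the update inventory (the KBs the post names) and the on-disk versions of termdd.sys and pci.sys against the 6.1.7601.24441 build the post quotes. The variable names are illustrative, and it assumes the scanner's finding is driven by the driver file version, as the post describes.

```powershell
# Added example: reconcile the patch-inventory view with the on-disk driver versions.
# KB numbers and the 6.1.7601.24441 build are the values quoted in the post above.
$ExpectedKbs    = 'KB4499175', 'KB4499164'
$MinimumVersion = [version]'6.1.7601.24441'
$DriverNames    = 'termdd.sys', 'pci.sys'
# Run from a 64-bit PowerShell on 64-bit Windows so System32 is not redirected.
$DriverDir      = Join-Path $env:SystemRoot 'System32\drivers'

# View 1: what the update inventory reports as installed.
$installedKbs = @(Get-HotFix -ErrorAction SilentlyContinue |
    Where-Object { $ExpectedKbs -contains $_.HotFixID } |
    ForEach-Object { $_.HotFixID })

# View 2: the file versions actually on disk.
$drivers = foreach ($name in $DriverNames) {
    $path = Join-Path $DriverDir $name
    $ver  = $null
    if (Test-Path -LiteralPath $path) {
        $vi  = (Get-Item -LiteralPath $path).VersionInfo
        # Use the numeric parts; the FileVersion string can carry extra text.
        $ver = [version]('{0}.{1}.{2}.{3}' -f $vi.FileMajorPart, $vi.FileMinorPart,
                                              $vi.FileBuildPart, $vi.FilePrivatePart)
    }
    New-Object PSObject -Property @{
        File     = $name
        Version  = $ver
        UpToDate = ($null -ne $ver -and $ver -ge $MinimumVersion)
    }
}

# If this key exists, component servicing still has work queued for the next reboot.
$rebootPending = Test-Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending'

$kbListed = $installedKbs.Count -gt 0
$filesOk  = @($drivers | Where-Object { -not $_.UpToDate }).Count -eq 0

if     ($kbListed -and $filesOk)       { $verdict = 'Consistent: KB listed, drivers at expected build or newer' }
elseif ($kbListed -and -not $filesOk)  { $verdict = 'MISMATCH: KB listed but driver files are older (the Scenario 2 state)' }
elseif (-not $kbListed -and $filesOk)  { $verdict = 'Drivers current, but neither KB is listed (a later rollup may have superseded them)' }
else                                   { $verdict = 'Not patched: no KB listed and drivers are older' }

$drivers | Format-Table File, Version, UpToDate -AutoSize
"Installed KBs : $($installedKbs -join ', ')"
"Reboot pending: $rebootPending"
"Result        : $verdict"
```

Collecting this output from one machine in each of the three scenarios shows whether the scanner and SCCM disagree because they look at different evidence or because the file state itself differs between hosts.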
