FP of CVE-2020-1009 on Windows Server 2016 #1863
Comments
|
Hello @gunnsth, Thank you for the feedback. You're exactly right. We've reviewed this content and the patch and 10.0.14393.3630 is the correct file version for that patch and testing for 10.0.14393.10000 would likely generate a FP. There appears to have been an error of some sort in a data feed that led to this mistake. We are looking into the cause, why our test lab did not detect this issue, and the best way to resolve by fixing this content and as well as future content. Thank you for reporting this! -David |
|
Hi @DavidRies Did you figure out something more about this? It seems like the content is still inaccurate. |
|
HI @gunnsth , thank you for circling back on this. Would you be interested in making this fix and submitting a PR? |
|
Hi @DavidRies I could look into it. You mentioned a data feed previously, is that something that is accessible? Because finding those specific version numbers for these files is not trivial. |
Hi. I am looking at some possible FPs for some recent vulnerabilities in Windows Server 2016.
The check seems to be the following:
OVALRepo/repository/definitions/vulnerability/oval_org.cisecurity_def_7487.xml
Line 46 in 068b632
That the version of ntoskrnl.exe is less than 10.0.14393.10000
however, looking at a system where the patch for this has been deployed (KB4550929) the version of this
file is: 10.0.14393.3630
which is significantly less... and causes the vulnerability to be raised.
Any insights into this? @JovalAutomation @DavidRies
The text was updated successfully, but these errors were encountered: