Cve-2018-0598

Hello, please, I need help to solve this.
O.S Windows Server 2012 R2

To our best knowledge, there is no fix for this bug.
The next best thing is to make sure every user of the system is behaving according to the mentioned workaround.

Hi Tino, thank you for answering I understand what you decide, but what I do not understand, because the vulnerability scan finds that vulnerability, I test my laboratory with the same version of the operating system that I have this vulnerability and with the same updates and scanning the test server does not detect that vulnerability, that’s what I can not understand.

Hi Asavaresi, so your problem is that on one system you find this vulnerability and on another system you don’t?
You mentioned the system without results has the same updates and OS version. As the test tries to find the iexpress.exe version make sure it’s present on the test system as well under the same path.

If both systems have this file, then it seems obvious to me that the Report without this vulnerability must be the wrong one. Apparently the scan can’t find the iexpress.exe. Maybe one scan is an authenticated scan, or both are and the users have different rights? This would explain, why the scan with less rights on a system can’t find the file.

2 Likes

Cambiar a español

Tino, it was indeed a matter of credentials I did the scan without credentials or it does not show me that vulnerability, thank you very much for the help as we say in Argentina Idol Genio Crack.

Thank you so much.

1 Like