False positive for Microsoft Windows Multiple Vulnerabilities (KB4517389)

I have a computer running Windows 10 Version 1903, and KB4517389 is installed on it. But the script reported it as not installed and found the corresponding vulnerabilities.

The script checks for the Gdiplus.dll under System32, and the vulnerable range is 10.0.18362.0 - 10.0.18362.417. I checked Gdiplus.dll under System32 and its version is 10.0.18362.418, as it should be because of the installed KB4517389. However, the script reported the version as 10.0.18362.295, which is the version of Gdiplus.dll under SysWOW64.

So the script prints out the path of the file checked as C:\Windows\system32\Jscript.dll, but interestingly the reported version belongs to C:\Windows\SysWOW64\Jscript.dll

1 Like
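
One way to confirm on the affected host which Gdiplus.dll version sits in each system directory, as an added example that is not part of the thread or the scanner's own code. It assumes a local PowerShell session and uses the vulnerable range quoted above; that 32-bit path redirection is what misled the check is an assumption, not something the thread states.

```powershell
# Added example: compare the on-disk Gdiplus.dll versions in both system
# directories against the vulnerable range quoted in the post above.
$file      = 'Gdiplus.dll'
$rangeLow  = [version]'10.0.18362.0'
$rangeHigh = [version]'10.0.18362.417'

# In a 32-bit process on 64-bit Windows, "System32" is redirected to SysWOW64.
# The Sysnative alias reaches the real 64-bit directory from such a process.
$is64Os   = [Environment]::Is64BitOperatingSystem
$is64Proc = [Environment]::Is64BitProcess
$native = if ($is64Os -and -not $is64Proc) {
    Join-Path $env:windir 'Sysnative'
} else {
    Join-Path $env:windir 'System32'
}

$paths = @(Join-Path $native $file)
if ($is64Os) {
    # The 32-bit copy only exists as a separate file on 64-bit Windows.
    $paths += Join-Path (Join-Path $env:windir 'SysWOW64') $file
}

foreach ($path in $paths) {
    if (-not (Test-Path -LiteralPath $path)) {
        Write-Warning "Not found: $path"
        continue
    }
    $vi = (Get-Item -LiteralPath $path).VersionInfo
    # Build the version from the numeric parts; the FileVersion string can
    # carry a build-lab suffix that [version] cannot parse.
    $ver = New-Object -TypeName System.Version -ArgumentList `
        $vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart
    [pscustomobject]@{
        Path        = $path
        Version     = $ver
        InVulnRange = ($ver -ge $rangeLow -and $ver -le $rangeHigh)
    }
}
```

If the two rows show different versions, a check that reports the System32 path with the SysWOW64 version has read the wrong copy.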

Hi,

Thanks for reporting. It looks strange; we are able to reproduce the issue. We are working on the patch and will keep you updated on this.

Thanks,
Antu

4 Likes

Just to note that the mentioned VT was updated two weeks ago to handle this.

I'm only unsure about this because the script had actually checked for Gdiplus.dll: