Microsoft Visual Studio Remote Code Execution Vulnerability (Jan 2019) with OID 1.3.6.1.4.1.25623.1.0.814662 generates false positives.
There’s a check via version_is_less(version:vsversion, test_version:"15.9.28307.280").
For test_version the build number 15.9.28307.280 is checked which relates to version 15.9.5.
For vsversion the version is used. In my case 15.9.72 which relates to build 15.9.36001.173.
Source: Visual Studio 2017 Release History | Microsoft Learn
The issue is that version number will always be lower than build number, therefore, this test will always trigger.
Fix would be comparing build numbers with build numbers or version numbers with version numbers.
Since the script retrieves the version number, I would suggest to change test_version to 15.9.5