Microsoft Windows Vulnerability False Positive

apkg · July 19, 2024, 8:38am

Hi All,

I believe there is false positive being reported with this Microsoft Windows vulnerabillity.

[Microsoft Windows Multiple Vulnerabilities (KB5040434) OID: 1.3.6.1.4.1.25623.1.0.834225]

Vulnerable range: 10.0.14393.0 - 110.0.14393.7154
File checked: C:\Windows\system32\Ntoskrnl.exe
File version: 10.0.14393.7155

I have confirmed the KB5040434 Windows update has been applied on the server being scanned, and the file version is even outside the Vulnerable range.

Could you check why Greenbone is still reporting this vulnerability as being present, please?

Many thanks,
APKG

apkg · July 19, 2024, 8:41am

A colleague has spotted what appears to be the issue here…

Vulnerable range: 10.0.14393.0 - 110.0.14393.7154
File checked: C:\Windows\system32\Ntoskrnl.exe
File version: 10.0.14393.7155

An extra 1 in the vulnerable range upper limit.

Antu · July 19, 2024, 11:15am

Hello apkg,

Thanks for reporting; we have updated the VT to fix the issue. Updated VT will be available in the feed soon,

Thanks,
Antu

LehmannTob · July 25, 2024, 6:29am

Hello Antu,

this false positive finding is still there and activ after 6 days.
Can you imagine how long it will be going until this NVT is updated?

Thanks a lot and best regards

Lukas · July 25, 2024, 5:37pm

Please note that the Community Feed does not have any SLA.

LehmannTob · July 29, 2024, 2:26pm

Hello Lukas,
yes I am aware of that.

The post can now definitely be closed, the false positive has been fixed since Saturday the 27th.

Greetings and read you soon.