Wazuh Vulnerabilities Module


Hassnain Javed

Jan 3, 2024, 2:29:14 AM
to Wazuh | Mailing List
We identified vulnerabilities in Wazuh related to Windows 21H2 when assessing Agent XYZ. However, upon inspecting the Windows system, we observed that it has been upgraded to version 11, build 23H2. Despite the upgrade, Wazuh is still indicating vulnerabilities from the previous version. How can we address and eliminate these outdated vulnerabilities in the current situation?

Andres Micalizzi

Jan 3, 2024, 3:05:00 AM
to Wazuh | Mailing List
Hello Hassnain.

Thanks for using Wazuh.

I have a few questions:
  • Are the vulnerabilities showing as Active?
  • Has a new vulnerability scan been executed on the agent? Depending on the VDT configuration, a scan might not have run, so you might be seeing data related to the old version.
  • Have you checked that these vulnerabilities are fixed in build 23H2?

It would be useful to have a bit more information on what CVEs are still affecting your agent, and some more information, so we can try to replicate the issue or check if it's a false positive or a bug.

Cheers,
Andrés

Hassnain Javed

Jan 3, 2024, 4:26:52 AM
to Wazuh | Mailing List
Yes, the vulnerabilities are still showing as Active.
The full scan was run yesterday and a partial scan was run today.
We verified that the system has been upgraded to the new version, build 23H2. However, our understanding is that these recent patches may not address older vulnerabilities.
Should we consider downgrading to the previous version and installing the corresponding patches, and will it be fixed in the Wazuh catalog?
Capture.JPG

Andres Micalizzi

Feb 15, 2024, 10:24:24 AM
to Wazuh | Mailing List
Hello Hassnain,

Sorry for the late reply. It seems, from what I checked, that these vulnerabilities still affect Windows. If you check, for example, the first two, CVE-2022-34721 and CVE-2022-34722, both are vulnerable in any distribution of Windows 11. This is not a false positive or related to Wazuh.

You can check the NVD for further details on the rest of your vulnerabilities to make sure there are no errors. In case you detect a false positive, you can send us another reply or open an Issue reporting it.

I hope this clears your question.
Cheers.
