Vulnerability - Windows not reporting OS


John Archbold

Nov 20, 2023, 6:19:55 AM
to Wazuh | Mailing List
Hi,

I've been testing Wazuh 4.6.0 on a fresh build with opensearch et al, default install and agents enrolled. 

Vulnerability management is working for macOS and *nix, but not Windows server or desktop; I appreciate there are a lot of messages on this subject in here, so I've tried my best to look at common themes and investigate. I've upped the debug level on the manager and agents to collect all logs.

MSU and NVD feeds are coming in:
Nov 20, 2023 @ 10:46:06.000 wazuh-modulesd:vulnerability-detector INFO (5400): Starting 'Microsoft Security Update' database update.
Nov 20, 2023 @ 10:46:06.000 wazuh-modulesd:vulnerability-detector DEBUG (5406): The feed 'Microsoft Security Update' is in its latest version.
Nov 20, 2023 @ 10:46:06.000 wazuh-modulesd:vulnerability-detector INFO (5430): The update of the 'Microsoft Security Update' feed finished successfully.
Nov 20, 2023 @ 09:45:41.000 wazuh-modulesd:vulnerability-detector INFO (5400): Starting 'Microsoft Security Update' database update.
Nov 20, 2023 @ 09:45:41.000 wazuh-modulesd:vulnerability-detector DEBUG (5406): The feed 'Microsoft Security Update' is in its latest version.
Nov 20, 2023 @ 09:45:41.000 wazuh-modulesd:vulnerability-detector INFO (5430): The update of the 'Microsoft Security Update' feed finished successfully.

Nov 20, 2023 @ 10:46:06.000 wazuh-modulesd:vulnerability-detector INFO (5400): Starting 'National Vulnerability Database' database update.
Nov 20, 2023 @ 10:46:06.000 wazuh-modulesd:vulnerability-detector DEBUG (5401): Synchronizing the National Vulnerability Database.
Nov 20, 2023 @ 10:46:06.000 wazuh-modulesd:vulnerability-detector INFO (5430): The update of the 'National Vulnerability Database' feed finished successfully.
Nov 20, 2023 @ 09:45:41.000 wazuh-modulesd:vulnerability-detector INFO (5400): Starting 'National Vulnerability Database' database update.
Nov 20, 2023 @ 09:45:41.000 wazuh-modulesd:vulnerability-detector DEBUG (5401): Synchronizing the National Vulnerability Database.
Nov 20, 2023 @ 09:45:41.000 wazuh-modulesd:vulnerability-detector INFO (5430): The update of the 'National Vulnerability Database' feed finished successfully.

Checking the SQLite database shows there are listed CVEs for Win11 and Win10
sqlite> SELECT COUNT (*) FROM msu WHERE PRODUCT LIKE "%Windows 10%";
33129
sqlite> SELECT COUNT (*) FROM msu WHERE PRODUCT LIKE "%Windows 11%";
2994

Checking against specific agents vulns:
sqlite3 /var/ossec/queue/db/006.db 'select count(*) from vuln_cves'
0

sqlite3 /var/ossec/queue/db/004.db 'select count(*) from vuln_cves'
0

Manager Ossec:
<vulnerability-detector>
    <enabled>yes</enabled>
    <interval>30m</interval>
    <min_full_scan_interval>6h</min_full_scan_interval>
    <run_on_start>yes</run_on_start>

    <!-- Windows OS vulnerabilities -->
    <provider name="msu">
      <enabled>yes</enabled>
      <update_interval>1h</update_interval>
    </provider>

    <!-- Aggregate vulnerabilities -->
    <provider name="nvd">
      <enabled>yes</enabled>
      <update_interval>1h</update_interval>
    </provider>

  </vulnerability-detector>

Shared Default agent.conf
<agent_config>

<!-- System inventory -->
   <wodle name="syscollector">
     <disabled>no</disabled>
     <interval>1h</interval>
     <scan_on_start>yes</scan_on_start>
     <hardware>yes</hardware>
     <os>yes</os>
     <network>yes</network>
     <packages>yes</packages>
     <hotfixes>yes</hotfixes>
     <ports all="no">yes</ports>
     <processes>yes</processes>

     <!-- Database synchronization settings -->
     <synchronization>
       <max_eps>10</max_eps>
     </synchronization>
   </wodle>
</agent_config>

Agent 004 results from manager log:
Nov 20, 2023 @ 10:46:07.000 wazuh-modulesd:vulnerability-detector DEBUG (5438): A full scan will be run on agent '004'
Nov 20, 2023 @ 10:46:07.000 wazuh-modulesd:vulnerability-detector DEBUG (5437): Collecting agent '004' software.
Nov 20, 2023 @ 10:46:07.000 wazuh-modulesd:vulnerability-detector DEBUG (5446): The CPE 'o:microsoft:windows_11_21h2:10.0.22000.2416::::::x64:' from the agent '004' was indexed.
Nov 20, 2023 @ 10:46:07.000 wazuh-modulesd:vulnerability-detector DEBUG (5446): The CPE 'a:wazuh:wazuh:4.6.0::::::x86:' from the agent '004' was indexed.
Nov 20, 2023 @ 10:46:07.000 wazuh-modulesd:vulnerability-detector DEBUG (5446): The CPE 'a:google:chrome:119.0.6045.124::::::x86:' from the agent '004' was indexed.
Nov 20, 2023 @ 10:46:07.000 wazuh-modulesd:vulnerability-detector DEBUG (5446): The CPE 'a:microsoft:edge_chromium:119.0.2151.58::::::x86:' from the agent '004' was indexed.
Nov 20, 2023 @ 10:46:07.000 wazuh-modulesd:vulnerability-detector DEBUG (5446): The CPE 'a:microsoft:edge_chromium:119.0.2151.58::::::x86:' from the agent '004' was indexed.
Nov 20, 2023 @ 10:46:07.000 wazuh-modulesd:vulnerability-detector DEBUG (5451): Analyzing NVD vulnerabilities for agent '004'
Nov 20, 2023 @ 10:46:07.000 wazuh-modulesd:vulnerability-detector DEBUG (5454): We have not found a hotfix that solves 'CVE-2022-21871' for agent '004' in the Microsoft feed, so it is not possible to know it is vulnerable.
Nov 20, 2023 @ 10:46:07.000 wazuh-modulesd:vulnerability-detector DEBUG (5454): We have not found a hotfix that solves 'CVE-2022-26934' for agent '004' in the Microsoft feed, so it is not possible to know it is vulnerable.
Nov 20, 2023 @ 10:46:07.000 wazuh-modulesd:vulnerability-detector DEBUG (5454): We have not found a hotfix that solves 'CVE-2023-21693' for agent '004' in the Microsoft feed, so it is not possible to know it is vulnerable.
Nov 20, 2023 @ 10:46:07.000 wazuh-modulesd:vulnerability-detector DEBUG (5454): We have not found a hotfix that solves 'CVE-2023-21694' for agent '004' in the Microsoft feed, so it is not possible to know it is vulnerable.
Nov 20, 2023 @ 10:46:07.000 wazuh-modulesd:vulnerability-detector DEBUG (5454): We have not found a hotfix that solves 'CVE-2023-21695' for agent '004' in the Microsoft feed, so it is not possible to know it is vulnerable.
..... lots of the same
Nov 20, 2023 @ 10:46:07.000 wazuh-modulesd:vulnerability-detector DEBUG (5454): We have not found a hotfix that solves 'CVE-2023-38254' for agent '004' in the Microsoft feed, so it is not possible to know it is vulnerable.
Nov 20, 2023 @ 10:46:07.000 wazuh-modulesd:vulnerability-detector DEBUG (5470): It took '0' seconds to 'find NVD' vulnerabilities in agent '004'
Nov 20, 2023 @ 10:46:07.000 wazuh-modulesd:vulnerability-detector DEBUG (5466): Sending vulnerabilities report for agent '004'
Nov 20, 2023 @ 10:46:07.000 wazuh-modulesd:vulnerability-detector DEBUG (5470): It took '0' seconds to 'report' vulnerabilities in agent '004'
Nov 20, 2023 @ 10:46:07.000 wazuh-modulesd:vulnerability-detector DEBUG (5470): It took '0' seconds to 'scan' vulnerabilities in agent '004'
Nov 20, 2023 @ 10:46:08.000 wazuh-modulesd:vulnerability-detector DEBUG (5453): Agent '006' has installed 'KB5032198' that corrects the vulnerability 'CVE-2022-38004'
Nov 20, 2023 @ 11:16:08.000 wazuh-modulesd:vulnerability-detector DEBUG (5439): A partial scan will be run on agent '004'
Nov 20, 2023 @ 11:16:08.000 wazuh-modulesd:vulnerability-detector DEBUG (5437): Collecting agent '004' software.
Nov 20, 2023 @ 11:16:08.000 wazuh-modulesd:vulnerability-detector DEBUG (5446): The CPE 'a:google:chrome:119.0.6045.160::::::x86:' from the agent '004' was indexed.
Nov 20, 2023 @ 11:16:08.000 wazuh-modulesd:vulnerability-detector DEBUG (5446): The CPE 'a:microsoft:edge_chromium:119.0.2151.72::::::x86:' from the agent '004' was indexed.
Nov 20, 2023 @ 11:16:08.000 wazuh-modulesd:vulnerability-detector DEBUG (5446): The CPE 'a:microsoft:edge_chromium:119.0.2151.72::::::x86:' from the agent '004' was indexed.
Nov 20, 2023 @ 11:16:09.000 wazuh-modulesd:vulnerability-detector DEBUG (5451): Analyzing NVD vulnerabilities for agent '004'
Nov 20, 2023 @ 11:16:09.000 wazuh-modulesd:vulnerability-detector DEBUG (5470): It took '0' seconds to 'find NVD' vulnerabilities in agent '004'
Nov 20, 2023 @ 11:16:09.000 wazuh-modulesd:vulnerability-detector DEBUG (5466): Sending vulnerabilities report for agent '004'
Nov 20, 2023 @ 11:16:09.000 wazuh-modulesd:vulnerability-detector DEBUG (5470): It took '0' seconds to 'report' vulnerabilities in agent '004'
Nov 20, 2023 @ 11:16:09.000 wazuh-modulesd:vulnerability-detector DEBUG (5470): It took '1' seconds to 'scan' vulnerabilities in agent '004'

I cannot work out what is wrong; the syscollector is working as I'm seeing _all_ the packages, the NVD and MSU are working as I see them in SQLite, just vulns aren't reporting.

How do I continue to debug this?

Best
John 

Marcel Kemp

Nov 20, 2023, 11:56:47 AM
to Wazuh | Mailing List
Hi John,

First of all, if a Windows agent does not report any vulnerability, it does not mean that Vulnerability Detector is not working properly, since the absence of vulnerabilities in the Windows OS could be attributed to one of the following points:
  • The OS is up to date with the latest hotfixes, because the hotfixes for Windows that Microsoft applies are cumulative, so having the latest hotfix would result in no vulnerabilities being shown in the system.
    • You can verify this with the MSRC, which is the official source used to generate our MSU.
  • The packages you have installed do not have a corresponding translation in the CPE Helper, which is the dictionary that Wazuh uses for some of the most common programs. Without such a translation, the package, not being standardized as on Linux, cannot get the corresponding CPE, so it cannot search and find the vulnerabilities in the NVD.
To identify what is happening in your specific case, I will request the following information. You can obtain it using the API as follows (for example, from the WUI you can use the following tool to run the queries: Modules -> tools -> API console):
  • Hotfixes: GET /syscollector/{agent_id}/hotfixes
  • Packages: GET /syscollector/{agent_id}/packages
  • Vulnerabilities: GET /vulnerability/{agent_id}
  • OS: GET /syscollector/{agent_id}/os

If you have any questions, don't hesitate to ask.
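The four endpoints requested above can be collected in one go and exported as a single JSON file, which is what the thread later needs as an attachment. The script below is an added example for this thread, not Wazuh's own tooling: it assumes a Wazuh 4.x manager API on the default port 55000 (authenticating with POST /security/user/authenticate?raw=true, then a Bearer token), and the URL, user, password, CA file and environment variable names are placeholders. It also summarizes the result and checks whether a given KB is present, working on a constructed sample in the thread's response shape when no manager is configured.

```python
"""Collect hotfixes, packages, vulnerabilities and OS for one agent, then summarize.

Added example for this thread, not Wazuh's own tooling. Assumes a Wazuh 4.x
manager API on the default port 55000 and an API user; the URL, user,
password and CA file are placeholders supplied through environment variables.
"""
import base64
import json
import os
import ssl
import urllib.request

# The endpoints named in the thread; {agent_id} is substituted per call.
ENDPOINTS = {
    "hotfixes": "/syscollector/{agent_id}/hotfixes",
    "packages": "/syscollector/{agent_id}/packages",
    "vulnerabilities": "/vulnerability/{agent_id}",
    "os": "/syscollector/{agent_id}/os",
}


def _opener(cafile=None):
    # Verify the manager certificate; for a default (self-signed) install pass
    # the CA that signed it rather than disabling verification.
    ctx = ssl.create_default_context(cafile=cafile)
    return urllib.request.build_opener(urllib.request.HTTPSHandler(context=ctx))


def get_token(base_url, user, password, cafile=None):
    """POST /security/user/authenticate?raw=true returns the bare JWT."""
    creds = base64.b64encode(f"{user}:{password}".encode()).decode()
    req = urllib.request.Request(
        f"{base_url}/security/user/authenticate?raw=true",
        method="POST", headers={"Authorization": f"Basic {creds}"})
    with _opener(cafile).open(req, timeout=30) as resp:
        return resp.read().decode().strip()


def page_items(base_url, token, path, cafile=None, limit=500):
    """Follow the API's offset/limit paging and return every affected item."""
    items, offset = [], 0
    while True:
        req = urllib.request.Request(
            f"{base_url}{path}?offset={offset}&limit={limit}",
            headers={"Authorization": f"Bearer {token}"})
        with _opener(cafile).open(req, timeout=60) as resp:
            data = json.load(resp)["data"]
        items.extend(data["affected_items"])
        offset += limit
        if offset >= data["total_affected_items"] or not data["affected_items"]:
            return items


def collect_agent(base_url, token, agent_id, cafile=None):
    """{name: [items]} for the four endpoints, ready to dump as one JSON file."""
    return {name: page_items(base_url, token, path.format(agent_id=agent_id), cafile)
            for name, path in ENDPOINTS.items()}


def kb_number(hotfix):
    """'KB5032198' -> 5032198; anything that is not a KB id -> None."""
    tail = hotfix[2:]
    return int(tail) if hotfix.upper().startswith("KB") and tail.isdigit() else None


def has_hotfix(collected, kb):
    """True if the agent's hotfix list contains kb (case-insensitive)."""
    return any(h["hotfix"].upper() == kb.upper() for h in collected.get("hotfixes", []))


def summarize(collected):
    """Counts, the OS string and the highest KB number (a rough 'newest
    cumulative update' proxy, since KB numbers are assigned roughly in order)."""
    hotfixes = [h["hotfix"] for h in collected.get("hotfixes", [])]
    numbers = [n for n in map(kb_number, hotfixes) if n is not None]
    os_items = collected.get("os", [])
    o = os_items[0]["os"] if os_items else {}
    return {
        "os": f'{o.get("name", "?")} {o.get("display_version", "")} build {o.get("build", "?")}',
        "hotfix_count": len(hotfixes),
        "latest_kb": f"KB{max(numbers)}" if numbers else None,
        "package_count": len(collected.get("packages", [])),
        "vuln_count": len(collected.get("vulnerabilities", [])),
    }


# Constructed sample in the shape of the thread's API output; the KB ids,
# package and OS values are the ones quoted in the thread for agent 004.
SAMPLE = {
    "hotfixes": [{"hotfix": k, "scan_id": 0, "agent_id": "004"}
                 for k in ("KB2468871", "KB2478063", "KB2533523", "KB2544514")],
    "packages": [{"name": "Calculator", "vendor": "Microsoft Corporation",
                  "version": "11.2307.4.0", "format": "win"}],
    "vulnerabilities": [],
    "os": [{"os": {"name": "Microsoft Windows 11 Pro", "display_version": "21H2",
                   "build": "22000.2416", "version": "10.0.22000.2416"},
            "agent_id": "004"}],
}

if __name__ == "__main__":
    if os.environ.get("WAZUH_API_URL"):          # live run, e.g. https://manager.example:55000
        url = os.environ["WAZUH_API_URL"]
        token = get_token(url, os.environ["WAZUH_API_USER"],
                          os.environ["WAZUH_API_PASS"], os.environ.get("WAZUH_CA"))
        collected = collect_agent(url, token, os.environ.get("WAZUH_AGENT", "004"))
        with open("agent-export.json", "w") as f:   # the file to attach to the thread
            json.dump(collected, f, indent=2)
    else:                                         # offline: the constructed sample
        collected = SAMPLE
    print(json.dumps(summarize(collected), indent=2))
    print("KB5032192 installed:", has_hotfix(collected, "KB5032192"))
```

Paging matters here: the hotfix and package lists of a Windows host easily exceed one page, and a truncated export is exactly what makes the "is the latest cumulative update installed?" question unanswerable from the pasted excerpt.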


John Archbold

Nov 21, 2023, 6:47:26 AM
to Wazuh | Mailing List
Thanks, I'll have a look at the CPE helper file; I thought I had, to be honest.

It's happening on all Windows devices, and I've purposefully chosen ones with vulns.

I'll report back once I've done some work on it

Best
J

John Archbold

Nov 21, 2023, 7:32:07 AM
to Wazuh | Mailing List
Hi Marcel, 

I reviewed the CPE helper and it's in place and the default installed file; I haven't made any changes. I don't see references to Windows 11 or Windows 10 for vulnerabilities, but then I also don't see those referenced in my prod environment.

Hotfixes
{
  "data": {
    "affected_items": [
      {
        "hotfix": "KB2468871",
        "scan_id": 0,
        "scan_time": "2023-11-16T12:49:29+00:00",
        "agent_id": "004"
      },
      {
        "hotfix": "KB2478063",
        "scan_id": 0,
        "scan_time": "2023-11-16T12:49:29+00:00",
        "agent_id": "004"
      },
      {
        "hotfix": "KB2533523",
        "scan_id": 0,
        "scan_time": "2023-11-16T12:49:29+00:00",
        "agent_id": "004"
      },
      {
        "hotfix": "KB2544514",
        "scan_id": 0,
        "scan_time": "2023-11-16T12:49:29+00:00",
        "agent_id": "004"
      },
... loads more

packages:
  "data": {
    "affected_items": [
      {
        "scan": {
          "id": 0,
          "time": "2023-11-16T12:49:28+00:00"
        },
        "section": " ",
        "vendor": "Microsoft Corporation",
        "name": "Calculator",
        "architecture": "x86_64",
        "install_time": " ",
        "format": "win",
        "version": "11.2307.4.0",
        "source": " ",
        "size": 0,
        "description": " ",
        "location": "C:\\Program Files\\WindowsApps\\Microsoft.WindowsCalculator_11.2307.4.0_x64__8wekyb3d8bbwe",
        "priority": " ",
        "agent_id": "004"
      },
      {
        "scan": {
          "id": 0,
          "time": "2023-11-16T12:49:28+00:00"
        },
        "section": " ",
        "vendor": "Microsoft Corporation",
        "name": "Maps",
        "architecture": "x86_64",
        "install_time": " ",
        "format": "win",
        "version": "1.0.57.0",
        "source": " ",
        "size": 0,
        "description": " ",
        "location": "C:\\Program Files\\WindowsApps\\Microsoft.WindowsMaps_1.0.57.0_x64__8wekyb3d8bbwe",
        "priority": " ",
        "agent_id": "004"
      },
      {
        "scan": {
          "id": 0,
          "time": "2023-11-16T12:49:28+00:00"
        },
        "section": " ",
        "vendor": "Realtek Semiconductor Corp.",
        "name": "Realtek High Definition Audio Driver",
        "architecture": "i686",
        "install_time": "2021-12-13T14:13:20+00:00",
        "format": "win",
        "version": "6.0.8934.1",
        "source": " ",
        "size": 0,
        "description": " ",
        "location": "C:\\Program Files\\Realtek\\Audio\\HDA",
        "priority": " ",
        "agent_id": "004"
      },
      {
        "scan": {
          "id": 0,
          "time": "2023-11-16T12:49:28+00:00"
        },
        "section": " ",
        "vendor": "Microsoft Studios",
        "name": "Solitaire & Casual Games",
        "architecture": "x86_64",
        "install_time": " ",
        "format": "win",
        "version": "4.18.11019.0",
        "source": " ",
        "size": 0,
        "description": " ",
        "location": "C:\\Program Files\\WindowsApps\\Microsoft.MicrosoftSolitaireCollection_4.18.11019.0_x64__8wekyb3d8bbwe",
        "priority": " ",
        "agent_id": "004"
      },

Vulnerability:
{
  "data": {
    "affected_items": [],
    "total_affected_items": 0,
    "total_failed_items": 0,
    "failed_items": []
  },
  "message": "No vulnerabilities were returned",
  "error": 0
}

Syscollector:
{
  "data": {
    "affected_items": [
      {
        "os": {
          "build": "22000.2416",
          "display_version": "21H2",
          "major": "10",
          "minor": "0",
          "name": "Microsoft Windows 11 Pro",
          "version": "10.0.22000.2416"
        },
        "scan": {
          "id": 0,
          "time": "2023-11-20T10:50:35+00:00"
        },
        "os_release": "2009",
        "architecture": "x86_64",
        "hostname": "DESKTOP-8OKPSDP",
        "agent_id": "004"
      }
    ],
    "total_affected_items": 1,
    "total_failed_items": 0,
    "failed_items": []
  },
  "message": "All specified syscollector information was returned",
  "error": 0
}

Thanks for your help so far!
John

Marcel Kemp

Nov 21, 2023, 10:16:12 AM
to Wazuh | Mailing List
Hi again John,

The problem is not that the CPE Helper is missing, but that the dictionary itself is very limited according to the translations it has, as you can see in the file:
This means that if the translation of a package is not found in the dictionary, it will never find its vulnerabilities because it does not know which is the corresponding CPE in the NVD.

So, if you want to find the vulnerabilities of that package, then you will need to add its corresponding translation (if it is not currently found):
Finally, according to the system vulnerabilities, I would need the full output of the hotfix list, as I can't verify it with the ones you have shown.
  • Hotfixes: GET /syscollector/{agent_id}/hotfixes

John Archbold

Nov 21, 2023, 10:39:33 AM
to Wazuh | Mailing List
Hi Marcel, 

I've attached the output... hope this helps.

I don't know if I'm explaining myself correctly, I'm talking about missing Windows OS patches; here are my platforms:
- Prod: 4.5.4 - no changes to CPE Helper, all OS vulnerabilities are being exposed
- Dev: 4.6.0 - base install with config, Linux and macOS vulnerabilities are exposed, Microsoft OS vulnerabilities are not being exposed.

I've checked the CPE helper on both and they're the same from what I can tell, I need to do a full comparison to confirm. 

J

Marcel Kemp

Nov 21, 2023, 12:48:25 PM
to Wazuh | Mailing List
Sorry, but I can't see the complete list of hotfixes that you have shared, because I don't see any attachment, and the only thing I can see is the following:
-----------------------------
Hotfixes
{
  "data": {
    "affected_items": [
      {
        "hotfix": "KB2468871",
        "scan_id": 0,
        "scan_time": "2023-11-16T12:49:29+00:00",
        "agent_id": "004"
      },
      {
        "hotfix": "KB2478063",
        "scan_id": 0,
        "scan_time": "2023-11-16T12:49:29+00:00",
        "agent_id": "004"
      },
      {
        "hotfix": "KB2533523",
        "scan_id": 0,
        "scan_time": "2023-11-16T12:49:29+00:00",
        "agent_id": "004"
      },
      {
        "hotfix": "KB2544514",
        "scan_id": 0,
        "scan_time": "2023-11-16T12:49:29+00:00",
        "agent_id": "004"
      },
... loads more
-------------------------------------------

Could you please attach it again?

According to v4.5.4 and v4.6.0, there is no difference between both versions regarding the detection of vulnerabilities of the Windows agent system, so it should theoretically detect the same vulnerabilities, which in the case of being updated with the latest hotfix, would be none.

If you have a Windows agent connected to v4.5.4 that detects vulnerabilities, could you connect it for a moment to the v4.6.0 manager to see if it detects the same?

Thanks in advance.

John Archbold

Nov 21, 2023, 1:05:48 PM
to Wazuh | Mailing List
Oh, whoops, I completely forgot to attach it.

I am not entirely sure as they are in entirely separate environments, but let me think about how I could achieve that...

J
export-3.json

Marcel Kemp

Nov 22, 2023, 10:22:49 AM
to Wazuh | Mailing List
Well, thanks to the information you have shared with me, I have been able to find out that there is a bug in the code that affects the detection of system vulnerabilities, specifically for Windows 11 21H2.

This bug is due to the fact that the regex that should match the product does not match due to a lowercase letter. I have opened the following issue to fix it ASAP, where I explain in detail the problem:

I have noticed, because the following vulnerability should be reported:
Which is fixed with the new hotfix: KB5032192

Sorry for the inconvenience, and thank you very much for your help!
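The failure mode described in the post above (a product regex that misses because of a single lowercase letter, so every OS CVE ends in the "not possible to know it is vulnerable" branch seen in the debug log) can be reproduced in miniature. The block below is an added illustration for this thread, not Wazuh's code: the product pattern is a simplified stand-in for the detector's regex, the msu rows are constructed, the CVE ids and one KB number are placeholders, and the architecture is read from the field where the logged CPE carries 'x64'. The CPE string and the KB numbers 5032192 and 5032198 are the ones quoted in the thread.

```python
"""Why a one-letter case difference hides every Windows 11 21H2 OS CVE.

Added illustration for this thread, not Wazuh's code. The matching logic is a
simplified stand-in for the detector's product regex; rows, CVE ids and
KB0000000 are constructed placeholders.
"""
import re

# The OS CPE the manager logged for agent 004 (note the lowercase '21h2').
OS_CPE = "o:microsoft:windows_11_21h2:10.0.22000.2416::::::x64:"

# Constructed hotfix list for the agent; KB5032198 is the one the log shows
# correcting CVE-2022-38004 on agent 006.
INSTALLED = {"KB2468871", "KB2478063", "KB5032198"}

# Constructed rows in the shape of the manager's msu table: (cve, product, kb).
# MSRC spells the product 'Windows 11 Version 21H2 ...' with an uppercase H.
MSU_ROWS = [
    ("CVE-EXAMPLE-0001", "Windows 11 Version 21H2 for x64-based Systems", "KB5032192"),
    ("CVE-EXAMPLE-0002", "Windows 11 Version 21H2 for x64-based Systems", "KB5032198"),
    ("CVE-EXAMPLE-0003", "Windows 10 Version 22H2 for x64-based Systems", "KB0000000"),
]


def cpe_product(cpe):
    """Third field of the logged CPE: 'windows_11_21h2'."""
    return cpe.split(":")[2]


def product_regex(cpe, ignore_case):
    """Build an MSRC-style product pattern from the CPE tokens.

    Simplified: only 'windows_<major>_<release>' is handled, and the
    architecture is taken from the field where the thread's CPE carries 'x64'.
    """
    m = re.fullmatch(r"windows_(\d+)_([0-9a-z]+)", cpe_product(cpe))
    if not m:
        raise ValueError(f"unsupported product in {cpe!r}")
    major, release = m.groups()
    arch = cpe.split(":")[9]
    pattern = rf"^Windows {major} Version {release} for {arch}-based Systems$"
    return re.compile(pattern, re.IGNORECASE if ignore_case else 0)


def assess(cpe, installed, rows, ignore_case):
    """Per CVE: 'patched' if a fixing KB is installed, 'vulnerable' if the
    product matched but no fixing KB is installed, 'unknown' if no row matched
    the product at all (the thread's 'not possible to know' log message)."""
    rx = product_regex(cpe, ignore_case)
    verdict = {}
    for cve, product, kb in rows:
        if not rx.match(product):
            verdict.setdefault(cve, "unknown")
        elif kb in installed:
            verdict[cve] = "patched"
        elif verdict.get(cve) != "patched":
            verdict[cve] = "vulnerable"
    return verdict


if __name__ == "__main__":
    for ignore_case in (False, True):
        print(f"ignore_case={ignore_case}:",
              assess(OS_CPE, INSTALLED, MSU_ROWS, ignore_case))
```

With the case-sensitive pattern every row falls through to "unknown", which is the silent outcome the thread observed: no vulnerabilities reported and nothing at INFO level to say why, only the DEBUG 5454 lines. Because Windows updates are cumulative, a real implementation also has to honor KB supersedence rather than checking only the KB listed on each row; the example is limited to showing how the product match gates everything downstream of it.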