Environment
- Carbon Black Cloud: All Products
Question
The patch for the CVE was deployed; Why is it still showing?
Answer
Troubleshooting steps for Windows endpoints:
1. Navigate to the specific CVE. For example:
https://nvd.nist.gov/vuln/detail/CVE-2023-36025#match-10046953
2. If a patch is available, then it should be linked from that site. Continuing with the example:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36025
3. Locate the OS and KB required to resolve.
4. On the impacted system type: (KB case sensitive)
dism /online /get-packages | findstr KB2894856
5. If the KB is not listed, then it may not be installed and should be installed.
- Some KB's are included in rollups and may not be searchable the same way; May require further investigation.
6. If the patch was installed, then determine if the Console has had enough time to update the sensor status.
Use Live Query to pull the patch information.
7. Please open a CB Support case if Live Query is working, CBC has had time to scan, and the CBC Console continues to report the impacted machine is vulnerable.
Related Content
