This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(44.800000000000004, 26%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERB%3C/text%3E%3C/svg%3E)
the Kenna Security vulnerability scanner is reporting the CVEs below on a 2012 R2 domain controller but i am unable to find a patch or any documentation that reflects this
CVE-2022-22711(Windows BitLocker Information Disclosure Vulnerability)
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22711
Available patches are only for server 2016 and later
CVE-2022-29131 (Windows LDAP Remote Code Execution Vulnerability)
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29131
Available patches are only for server 2019 and later
security update guide page is reporting the same https://msrc.microsoft.com/update-guide/
just trying to confirm before sending something to Kenna Security that these two CVEs do not apply
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Looks like these ones for Server 2012 R2
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29127
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29139
--please don't forget to upvote and Accept as answer if the reply is helpful--
Just checking if there's any progress or updates?
--please don't forget to upvote and Accept as answer if the reply is helpful--
Thank you DSPatrick
NIST has CVEs (CVE-2022-22711 / CVE-2022-29131) as applying to 2012 R2
but this could be a reporting issue on their end
CVE-2022-22711:
https://nvd.nist.gov/vuln/detail/CVE-2022-22711
CVE-2022-29131 :
https://nvd.nist.gov/vuln/detail/CVE-2022-29131#vulnConfigurationsArea
The two I mentioned address the two issues you raised but for Server 2012 R2
--please don't forget to upvote and Accept as answer if the reply is helpful--