My completely patched server 2016 is showing a vulnerability because webengine.dll - v2.0.50727 exists.

Peter Best 31 Reputation points
2022-05-18T21:12:13.547+00:00

The Vulnerability scan doesn't like this file -
Vulnerable software installed: Microsoft .NET Framework 3.5 SP1

Based on the following 2 results:

C:\Windows\Microsoft.NET\Framework\v2.0.50727\Webengine.dll - file does exist
C:\Windows\Microsoft.NET\Framework\v2.0.50727\Webengine.dll has version 2.0.50727.8962

The Windows\Microsoft.NET\Framework folder has
v1.0.3705 folder
v1.1.4322 Folder
v2.0.50727 folder - which houses this vulnerable DLL
v3.0 folder
v3.5 folder
v4.0.30319 folder

Do I need to somehow apply a patch? When I force Windows update - Nothing is out there for me. I also don't feel I can/should simply delete this older Webengine.dll file Please help.

Windows Server 2016
Windows Server 2016
A Microsoft server operating system that supports enterprise-level management updated to data storage.
2,368 questions
Accepted answer
  1. Dave Patrick 426K Reputation points MVP
    2022-05-18T22:11:48.03+00:00

    Sorry, my bad. I'd suggest installing the latest cumulative update for Server 2016 v1607
    https://support.microsoft.com/en-us/topic/may-10-2022-kb5013952-os-build-14393-5125-0bb9f7e6-0360-4162-8eab-108e28d3a090
    https://devblogs.microsoft.com/dotnet/framework-may-2022-updates/

    If you look in the file info here it shows to be current.
    https://download.microsoft.com/download/7/5/0/7504ab90-2820-4c04-8177-c86ed68da80d/5013952.csv

    --please don't forget to upvote and Accept as answer if the reply is helpful--

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Peter Best 31 Reputation points
    2022-05-20T16:53:22.023+00:00

    This is a false positive with the Scanning company. Thank you for your help with this. This is a answer and this all can be closed.