If a cumulative update is installed but machine not rebooted, would the machine still be susceptible to the monthly vulnerability

halosec 40 Reputation points
2023-06-05T01:24:15.7466667+00:00

Hi team
Taking the example of the following vuln:
Microsoft CVE-2023-29324: Windows MSHTML Platform Security Feature Bypass Vulnerability
Solution: 2023-05 Cumulative Update for Windows Server 2019 for x64-based Systems (KB5026362)

The KB is installed on the server via SCCM, but the server is not rebooted

Is the server still susceptible to the given vulnerability (in terms of exploitability)?

Thanks very much!

Windows Server 2019
Windows Server 2019
A Microsoft server operating system that supports enterprise-level management updated to data storage.
3,605 questions
Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
12,613 questions
Microsoft Configuration Manager Updates
Microsoft Configuration Manager Updates
Microsoft Configuration Manager: An integrated solution for for managing large groups of personal computers and servers.Updates: Broadly released fixes addressing specific issue(s) or related bug(s). Updates may also include new or modified features (i.e. changing default behavior).
1,011 questions
0 comments No comments
{count} votes

Accepted answer
  1. AllenLiu-MSFT 43,051 Reputation points Microsoft Vendor
    2023-06-05T02:18:05.1866667+00:00

    Hi, @halosec

    Thank you for posting in Microsoft Q&A forum.

    If the cumulative update has been installed but the machine has not been rebooted, the machine may still be susceptible to the monthly vulnerability. A reboot is necessary for some updates to take effect, and until the update is completely installed and active, it may not offer full protection against vulnerabilities.

    Whether or not a machine is susceptible to a specific vulnerability can depend on factors such as the nature of the vulnerability and the specific configuration of the machine. In the specific case of the CVE-2023-29324 vulnerability, the KB article states that the vulnerability can be addressed by installing the 2023-05 Cumulative Update for Windows Server 2019 for x64-based Systems (KB5026362). However, there is no information provided on whether a reboot is necessary for the update to take effect.

    It is always recommended to follow best practices when it comes to patching and updating systems, which often includes rebooting the system after installing updates to ensure the updates are fully implemented and effective in addressing any vulnerabilities.


    If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Add comment".

    0 comments No comments

0 additional answers

Sort by: Most helpful