I am getting a kerberos vulnerability on security scans

Question

I am getting a kerberos vulnerability on security scans

Ryan Lichfield 20

I am getting this hit on security scans(see below) on only 1 of 3 DC's that are all 2016. I have checked that all updates are applied and tried to apply KB5019966 manually, which results in a message that the update isn't needed(can get exact error if needed). In all my research I conclude that if updates are current then this is a false positive, can someone confirm those findings?

"The remote Windows host is missing security update 5019966. It is, therefore, affected by a Windows Kerberos Elevation of Privilege Vulnerability (CVE-2022-37967)"

Answer 1

Dave Patrick 390.6K MVP

KB5019966 is the November 8, 2022-(OS Build 17763.3650) cumulative update. You can check the current build by running winver. If you find equal or a higher build number then you can safely ignore since the updates provided within KB5019966 are included in all later cumulative updates.

--please don't forget to close up the thread here by marking answer if the reply is helpful--

Dave Patrick 390.6K Reputation points MVP

2023-09-12T12:21:05.12+00:00

Just checking if there's any progress or updates?

--please don't forget to close up the thread here by marking answer if the reply is helpful--
Ryan Lichfield 20 Reputation points

2023-09-12T15:14:55.04+00:00

Yes, I mis-spoke about the OS version they are 2019 17763.4645. So I will flag the vuln as a false positive. Thank you Dave for confirming!
Dave Patrick 390.6K Reputation points MVP

2023-09-12T15:22:08.4133333+00:00

Sounds good, you're welcome.

I am getting a kerberos vulnerability on security scans

0 additional answers

Activity