I am getting a kerberos vulnerability on security scans

Ryan Lichfield 20 Reputation points
2023-09-11T19:52:30.72+00:00

I am getting this hit on security scans(see below) on only 1 of 3 DC's that are all 2016. I have checked that all updates are applied and tried to apply KB5019966 manually, which results in a message that the update isn't needed(can get exact error if needed). In all my research I conclude that if updates are current then this is a false positive, can someone confirm those findings?

"The remote Windows host is missing security update 5019966. It is, therefore, affected by a Windows Kerberos Elevation of Privilege Vulnerability (CVE-2022-37967)"

Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
4,845 questions
0 comments No comments
{count} votes

Accepted answer
  1. Dave Patrick 390.6K Reputation points MVP
    2023-09-11T20:20:01.11+00:00

    KB5019966 is the November 8, 2022-(OS Build 17763.3650) cumulative update. You can check the current build by running winver. If you find equal or a higher build number then you can safely ignore since the updates provided within KB5019966 are included in all later cumulative updates.

    --please don't forget to close up the thread here by marking answer if the reply is helpful--

    1 person found this answer helpful.

0 additional answers

Sort by: Most helpful