Patch verification about particular vulnerability on virtual machine

Question

Is this patch: https://support.microsoft.com/kb/5028171 resolves below vulnerability? Microsoft CVE-2023-36874: Windows Error Reporting Service Elevation of Privilege Vulnerability and second question, how to know whether above patch is installed on Virtual machine?

Answer 1

Hello, @Varma !

How do I resolve Microsoft CVE-2023-36874: Windows Error Reporting Service Elevation of Privilege Vulnerability on my VM?

The Microsoft Security Response Center (MSRC) provides guidance on what KB/update (article) is needed to resolve the vulnerability. KB5028171 addresses the vulnerability for Windows Server 2022 and Windows Server 2022 (Server Core installation). For a full list, go to the MSRC page:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36874https://msrc.microsoft.com/vulnerability/CVE-2023-36874

How do I know if an update has been applied to my VM?

You can check updates to your VM using Update Manager which can be accessed in a variety of ways: https://learn.microsoft.com/en-us/azure/update-manager/view-updates?tabs=singlevm-home%2Cat-scale-overview

For a single, selected VM:

Select your virtual machine to open the Virtual machines | Updates page. Under Operations, select Updates. On the Updates pane, select Go to Updates using Update Manager.

On the Updates page, select Check for updates. In Trigger assess now, select OK. An assessment is performed and a notification says Assessment is in progress. After the assessment, you see Assessment successful or Assessment failed.

For more information, see Update assessment scan.

---

I hope this has been helpful! Your feedback is important so please take a moment to accept answers.

If you still have questions, please let us know what is needed in the comments so the question can be answered. Thank you for helping to improve Microsoft Q&A!