Patch Update

S Abijith 346 Reputation points
2024-03-25T10:23:34.7333333+00:00

Hi All,

We have a WPF application built on .NET Framework 4.8. We have found the below vulnerabilities associated with this version:

CVE-2023-36796 https://support.microsoft.com/help/5030178

CVE-2023-36794 https://support.microsoft.com/help/5030178

CVE-2023-36793 https://support.microsoft.com/help/5030178

CVE-2023-36792 https://support.microsoft.com/help/5030178

CVE-2023-36788 https://support.microsoft.com/help/5030178

CVE-2023-36899 https://support.microsoft.com/help/5029647

CVE-2023-24936 https://support.microsoft.com/help/5027536

CVE-2023-29331 https://support.microsoft.com/help/5027536

CVE-2023-29326 https://support.microsoft.com/help/5027536

CVE-2023-32030 https://support.microsoft.com/help/5027536

CVE-2023-24897 https://support.microsoft.com/help/5027536

CVE-2023-24895 https://support.microsoft.com/help/5027536

We deploy this application on Windows Server 2022 with .NET Framework 4.8. The latest patch version that was applied to the server is 'KB5034129'.

The patches needed for the vulnerabilities mentioned above are 'KB5030178', 'KB5029647' and 'KB5027536', whereas the patch found on the server is 'KB5034129'.

The question is: since the patch installed on the server is of a higher number compared to the patches required, does the installed patch also resolve the vulnerabilities in question, or do we need to install each patch separately?

Can anyone please let us know on this!

Any help is appreciated!!

Thank you in advance.


Accepted answer
  1. Hui Liu-MSFT 38,251 Reputation points Microsoft Vendor
    2024-03-25T13:08:25.5933333+00:00

    Hi, @S Abijith. Welcome to Microsoft Q&A.

    In most cases, patches are cumulative, meaning that installing a higher-numbered patch includes all fixes from earlier patches.

    The web page of the first patch you cited says "cumulative" in the title. That means it incorporates all of the patches that preceded it.

    However, to ensure comprehensive security coverage and compliance, it's important to verify the contents of each patch, especially if they address specific vulnerabilities.

    You could read each document to find out what they contain. An increase in quantity does not mean anything.

    And you can compare the details of the installed patch ('KB5034129') with the vulnerabilities mentioned in the release notes or security bulletins of the required patches. Determine if the vulnerabilities addressed by the required patches are also covered by the installed patch.


    If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
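
The check the accepted answer describes, as an added example that is not part of the original thread: it follows "replaces" relationships transitively from the installed update and reports which of the required KBs that chain reaches. The KB and CVE values are the ones in the question; the entries in `$Replaces` (including `KB-PLACEHOLDER`) are constructed to exercise the logic and are not real supersedence data, so fill that table from each update's own KB article before relying on the result.

```powershell
# Required KB -> CVEs, exactly as listed in the question.
$RequiredByKb = [ordered]@{
    'KB5030178' = 'CVE-2023-36796','CVE-2023-36794','CVE-2023-36793','CVE-2023-36792','CVE-2023-36788'
    'KB5029647' = @('CVE-2023-36899')
    'KB5027536' = 'CVE-2023-24936','CVE-2023-29331','CVE-2023-29326','CVE-2023-32030','CVE-2023-24897','CVE-2023-24895'
}

# CONSTRUCTED sample entries, NOT real supersedence information.
# Key = an update, value = the updates its own documentation says it replaces.
$Replaces = @{
    'KB5034129'      = @('KB-PLACEHOLDER')
    'KB-PLACEHOLDER' = @('KB5030178')
}

# KB stated in the question. On the server itself use: $Installed = (Get-HotFix).HotFixID
$Installed = @('KB5034129')

function Get-CoveredKb {
    param([string[]]$Installed, [hashtable]$Replaces)
    $seen  = [System.Collections.Generic.HashSet[string]]::new([System.StringComparer]::OrdinalIgnoreCase)
    $queue = [System.Collections.Generic.Queue[string]]::new()
    foreach ($kb in $Installed) { $queue.Enqueue($kb) }
    while ($queue.Count -gt 0) {
        $kb = $queue.Dequeue()
        # Add() returns $false for a KB already visited, which also stops cycles in the data.
        if (-not $seen.Add($kb)) { continue }
        foreach ($old in @($Replaces[$kb])) {
            if ($old) { $queue.Enqueue($old) }
        }
    }
    return ,$seen   # leading comma keeps the HashSet from being unrolled
}

$covered = Get-CoveredKb -Installed $Installed -Replaces $Replaces

# Covered = $false means the supplied data does not show coverage,
# not that the fix is known to be missing.
foreach ($kb in $RequiredByKb.Keys) {
    [pscustomobject]@{
        RequiredKB = $kb
        Covered    = $covered.Contains($kb)
        CVEs       = $RequiredByKb[$kb] -join ', '
    }
}
```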

