Azure App service plan on Windows 2022 Security Updates.

Phillip TeTai 0 Reputation points

Azure Web App on App service plan running April 9 2024 build of Windows Server 2022 (OS Build 20348.2402). Have been audited by a 3rd party security company which have found 3x OS vulnerabilities for the following CVEs, CVE-2024-21344 - CVE-2024-21377 - CVE-2024-21362. Question - these CVEs were patched in the Feb 09 2024 (OS Build 20348.2322), why would these vulnerabilities show up in this report for this version of Server. Only reasons I can think of is report is old or OS has been updated by MS since the report was generated. Being Azure PaaS service there isn't a way to really confirm.

Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
12,574 questions
Azure App Service
Azure App Service
Azure App Service is a service used to create and deploy scalable, mission-critical web apps.
7,326 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Wesley Li 6,360 Reputation points


    If the machine has been up to date from the internet directly, it means the related vulnerabilities should have been fixed. As for the report result, it is recommended to ask for help from the third party software support.

    0 comments No comments