Misaligned KBs for CVE-2024-21413 creating bugs

Valentina De Feo 0 Reputation points
2025-06-03T09:34:05.4966667+00:00

Good morning,

maybe someone can give me a heads up.

One of the customers in my company has reported a bug, claiming that over 300 machines are vulnerable to CVE-2024-21413.

They say they have installed KB5002700, which, based on the info in the Microsoft catalog, is a replacement/update to KB5002537 (which initially was the one fixing CVE-2024-21413).

https://catalog.update.microsoft.com/ScopedViewInline.aspx?updateid=db98fa3f-5d82-4072-bd2f-28bbfd2b9107#PackageDetails

The issue is that the customer still sees the vulnerability being present even with the updated KB. And they are not able to install the older KB (5002537), as it won’t install because it says it's already there (yet that particular KB is NOT installed, but a superseded update has been -> KB5002700).

After some research, it looks like MSRC is not reporting KB5002700 as one of the fixes for CVE-2024-21413.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21413

So it seems there is a misalignment between the MS Catalog and MSRC.

Can someone help me understand if I'm missing something or if this is an actual mistake?

Thank you

Microsoft 365 and Office | Development | Microsoft 365 Developer Program
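
The mismatch described in the question, as an added example that is not part of the original post: a check that matches only the KB numbers listed for a CVE flags a host that has just the replacing update, while a check that follows catalog supersedence does not. The supersedence map is constructed from the post's description of the catalog entry, the function names are hypothetical, and it assumes a replacing package carries the fixes of the package it replaces.

```python
# Added illustration. The data below is constructed from the post's description,
# not fetched from the Microsoft Update Catalog or MSRC.

# KB -> KBs it directly replaces (the catalog's "replaces" relation, per the post).
SUPERSEDES = {"KB5002700": {"KB5002537"}}

# CVE -> KBs listed as fixes (per the post, the replacing KB is not listed).
ADVISORY_FIXES = {"CVE-2024-21413": {"KB5002537"}}


def covered_kbs(installed, supersedes):
    """Return the installed KBs plus every KB they transitively replace."""
    covered, stack = set(), list(installed)
    while stack:
        kb = stack.pop()
        if kb in covered:  # also guards against cycles in bad catalog data
            continue
        covered.add(kb)
        stack.extend(supersedes.get(kb, ()))
    return covered


def naive_assess(cve, installed, fixes=ADVISORY_FIXES):
    """Exact KB match only: the behaviour that yields the reported finding."""
    return "patched" if fixes[cve] & set(installed) else "vulnerable"


def assess(cve, installed, supersedes=SUPERSEDES, fixes=ADVISORY_FIXES):
    """Supersedence-aware verdict that names the KB providing coverage."""
    listed = fixes[cve]
    if listed & set(installed):
        return "patched"
    via = sorted(kb for kb in installed
                 if listed & covered_kbs([kb], supersedes))
    if via:
        # Assumption: the replacing package carries the replaced package's fix.
        return "patched-via-supersedence:" + ",".join(via)
    return "vulnerable"


if __name__ == "__main__":
    host = ["KB5002700"]  # constructed inventory matching the post's scenario
    print("exact match  :", naive_assess("CVE-2024-21413", host))
    print("supersedence :", assess("CVE-2024-21413", host))
```

A verdict reached only through supersedence is worth confirming against the file versions the update actually installed.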