question

PeterBest-1109 avatar image
1 Vote"
PeterBest-1109 asked DSPatrick commented

My completely patched server 2016 is showing a vulnerability because webengine.dll - v2.0.50727 exists.

The Vulnerability scan doesn't like this file -
Vulnerable software installed: Microsoft .NET Framework 3.5 SP1

Based on the following 2 results:

C:\Windows\Microsoft.NET\Framework\v2.0.50727\Webengine.dll - file does exist
C:\Windows\Microsoft.NET\Framework\v2.0.50727\Webengine.dll has version 2.0.50727.8962


The Windows\Microsoft.NET\Framework folder has
v1.0.3705 folder
v1.1.4322 Folder
v2.0.50727 folder - which houses this vulnerable DLL
v3.0 folder
v3.5 folder
v4.0.30319 folder

Do I need to somehow apply a patch? When I force Windows update - Nothing is out there for me. I also don't feel I can/should simply delete this older Webengine.dll file Please help.


windows-server-2016
· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Just to verify - the server I’m having issues with is 2016. You feel this 2012 link will do the trick ? I appreciate your help.

1 Vote 1 ·
DSPatrick avatar image
0 Votes"
DSPatrick answered DSPatrick commented

Sorry, my bad. I'd suggest installing the latest cumulative update for Server 2016 v1607
https://support.microsoft.com/en-us/topic/may-10-2022-kb5013952-os-build-14393-5125-0bb9f7e6-0360-4162-8eab-108e28d3a090
https://devblogs.microsoft.com/dotnet/framework-may-2022-updates/

If you look in the file info here it shows to be current.
https://download.microsoft.com/download/7/5/0/7504ab90-2820-4c04-8177-c86ed68da80d/5013952.csv



--please don't forget to upvote and Accept as answer if the reply is helpful--





· 6
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Just checking if there's any progress or updates?

--please don't forget to upvote and Accept as answer if the reply is helpful--



0 Votes 0 ·

The server has had that 2022-05 Cumulative Update for Windows Server 2016 for x64-based Systems (KB5013952) all along.

I can't figure this one out. I DO see this old vulnerable file existing -
C:\Windows\Microsoft.NET\Framework\v2.0.50727\Webengine.dll - file does exist


OS Version 1607 and 1809 (2019) seem to be involved. It's lie they won't take the .NET Framework update. I also noticed I don't see any previous .NET Framework update/patches applied in the past.

0 Votes 0 ·

If you look in the file info here it shows to be current. May 10, 2022—KB5013952 (OS Build 14393.5125)
https://download.microsoft.com/download/7/5/0/7504ab90-2820-4c04-8177-c86ed68da80d/5013952.csv

May need to ask the scan provider about this.



--please don't forget to upvote and Accept as answer if the reply is helpful--




1 Vote 1 ·

I do have a ticket out to scan provider. I also wonder if I'm missing a older .NET patch so this MAY 2022 patch won't apply.

My 4.7.folder does properly apply this webengine.dll file.

However, the old 2.0 folder keeps this vulnerable .dll in it. I hope that makes sense?

0 Votes 0 ·
Show more comments
PeterBest-1109 avatar image
0 Votes"
PeterBest-1109 answered DSPatrick commented

This is a false positive with the Scanning company. Thank you for your help with this. This is a answer and this all can be closed.

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Sounds good, you're welcome.


1 Vote 1 ·