KB3205640 is what's known as a "Bulletin KB". It's the KB number for the MS16-155 bulletin, but there isn't any patch that has that Kb number. If you navigate to the KB article page here, you'll see the actually downloadable and deployable patches are all different KB numbers, that are under the "umbrella" of KB3205640. I've seen Nessus report this a lot, even when all applicable updates for the bulletin are installed.
For the java update, we'd need to know what version and update of java you have installed to be sure of the nature of that. You can check in a command prompt by running: "java -version"
In regards to MS16-155, it would appear that the Nessus report is reporting that as a false positive? I don't see that it is installed on the server in question. Here is what Nessus reports:
Is this an expected behavior even though Shavlik does not report it as missing?
As for the Java Version, it is running on JRE 7.0.79
So for Java, the reason is that the last public release for Java 7 is update 79/80. Update 79 is the CPU release (purely security) and 80 is the PSU release (other fixes). Update 80 is a non security patch, so it won't be offered in a security patch scan. To get the update Nessus is referring to, you would need to have a support contract with Oracle to access those extended support updates.
For the .NET update, I would try running a WUScan. I looked at our classifications, and only 3 variants of the update are classified as Security, while the other 13 are Non Security. It may not be a false positive, just a filtering issue.
Based on some (possibly incorrect) assumptions, you should look in the results for Q3210136 (applies to .NET 4.6 and 4.6.1), as well as one of the following, depending on OS:
Q3210132 - 2012 R2/Win 8.1
Q3210131 - 2008 R2/Win 7
Q3210130 - 2012
All of these are classified as non security, since they also contain non security bug fixes/improvements. The 3 security updates under MS16-155 don't affect the 2 files Nessus is looking at, so they likely aren't applicable, or are already installed.
Excellent, thank you for the information.This sheds some light on our Nessus reports.