4 Replies Latest reply on Jun 26, 2018 8:14 AM by martienvanloon

    Incorrect detection MS18-05-MRNET-4099634-en-WINDOWS SERVER 2012

    martienvanloon Rookie

      We have several Windows 2012 servers with .NET 4.6 installed.

      Our patching product is BSA that is using the shavlik catalogs.

      Why is shavlik detect that patch KB4096494 (for .NET 4.5.2) is missing ?

      Patch KB4096416 (for .NET 4.6) is installed.


      The following alert is written:

      windows8-rt-kb4096494-x64.msu-MS18-05-MRNET-4099634-en-WINDOWS SERVER 2012 STANDARD (X64)-Gold     Q4096494 Important     MS18-05-MRNET-4099634     CVE-2018-1039     N/A     WINDOWS SERVER 2012 STANDARD (X64)     Missing Security and Quality Rollup for .NET Framework 3.5 SP1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7 and 4.7.1 updates for Windows 2012 Server 2012 (KB4099634)     This update resolves a vulnerability in Microsoft .NET framework that could cause denial of se...[Truncated]     The registry key 'SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages_for_KB4096494~31bf3856ad364e35~amd64~~\CurrentState' does not exist. It is required for this patch to be considered installed.


      Why is shavlik searching for registry key for .NET 4.5.2 as .NET 4.6 is installed ?

      We have a few more than 100+ false possible alerts.