1 Reply Latest reply on Mar 16, 2011 5:55 PM by historicalshavlikemployee

    CVE-2008-1446 False Positive

      Hello, I'm trying the patch management scanner and Shavlik shows CVE-2008-1446 on 2 Windows Server 2003 SP2 servers that don't have IIS installed. I'd like to know what the string or the "pattern" verified by Shavlik for this vulnerability is, so I can check whether it is a false positive or not. Thank you.
        • 1. Re: CVE-2008-1446 False Positive
          I am assuming that you are referring to the vulnerability addressed by KB953155 (Q953155). The scan detection logic will vary based upon operating system (e.g. which edition of Windows Server 2003 you are scanning). If you look at the Patch Information tab when selecting the missing patch in the scan results, you should see the reason for which the patch is identified as missing (e.g. file version is less than expected).

          When scanning for patches, NetChk Protect looks to the affected files and registry entries to identify the existence of the pertinent vulnerability. Even though IIS may not be installed, the affected files are likely present, and would thus require patching in order to mitigate the vulnerability.