Windows 10: Fully patched Win10 machine still showing vulnerabilities in IE11 according to Windows...

I have a Windows 10 machine build 10.0.18363.1316. It is licensed for Windows Defender ATP which is saying it has several vulnerabilities for IE11 due to it being out of date EG: CVE-2020-0847. I have checked and it is true, the EXE for IE is ver 11.00.18362.1 Microsoft Defender Security reports 11.1198.18362.0. However I have the latest CU for Windows 10 installed KB4598229. How is this possible that it has not been updated? The CVE is from March last year.

According to this article the way to tell the update version of IE11 in Windows 10 is via the registry. On the vulnerable machine this is listed as KB4586768, which isn't an update for Windows 10, but a cumulative update for IE11 from November last year, however even this can't be accurate because the sample CVE I listed above was supposed to be patch March 2020.


None of this makes sense. Any ideas on why IE is not properly patched?

:)

 

WPA2 Vulnerability Found

A small update with regards to the Microsoft fix. The fix itself is sufficient to solve the issue on Windows, even if your WiFi device has no driver update, with one caveat:

Does this security update fully address these vulnerabilities on Microsoft Platforms, or do I need to perform any additional steps to be fully protected?
The provided security updates address the reported vulnerabilities; however, when affected Windows based systems enter a connected standby mode in low power situations, the vulnerable functionality may be offloaded to installed Wi-Fi hardware. To fully address potential vulnerabilities, you are also encouraged to contact your Wi-Fi hardware vendor to obtain updated device drivers. For a listing of affected vendors with links to their documentation, review the ICASI Multi-Vendor Vulnerability Disclosure statement here: http://www.icasi.org/wi-fi-protected-access-wpa-vulnerabilities

Source: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-13080

 

Yet another Adobe Flash security hole that needs patching. Win10

According to this Qualys article, Adobe released

APSB16-36 yesterday "to fix one 0-day vulnerability in Flash. The vulnerability is currently being used in active attacks and therefore Adobe released this emergency fix. If left un-patched, attackers can remotely take
complete control of the machine."

When will Microsoft release its update for its embedded Flash in Win10 please?

 

Patching windows 10 vulnerabilities

Hi,

I'm new to windows and to the community so excuse me if I miss some community guidelines.

I've installed windows 10 (build number 14390) a few days ago, and today out of paranoia run a vulnerability scan using retina community. The report came out very colorful (6 high risk vulnerabilies) . I have almost nothing installed apart from the following:

• Visual Studio Code
• Visual Studio Community edition
• Cmder
• MongoDb/Nodejs with some Npm modules
• VLC

I was confused by the fact that almost all the vulnerabilities were Microsoft Office or Microsoft VB6 related and I don't have any of that installed.

Any idea where should I look for patches or how to proceed to fix those problems?

The report included links for Microsoft security bulletins related to each problem but I could not find any software I have installed in order to update it.

I think it goes without saying that I install all the updates Microsoft update finds daily.

Thank you for your time.