anyone having trouble with Rapid7 IVM recognizing the cumulative updates with KBS listed have been applied?
Ours seem to be working fine.
We’re seeing this with KB5055526. About to log a support ticket.
1 Like
I opened a case on Wednesday and they have not agreed that it is the tool and not the patches. I’m hoping to get some answers today.
We logged a case on Friday, and I updated it today. This issue affects all our Windows 11 23H2 systems; all other versions of Windows 11 and our Windows 10 systems appear fine.
Intune shows these same systems as patched, our patch management system shows patched, and the Windows Update console indicates that the cumulative update has been successfully installed. The Windows version matches what Microsoft says it should be.
R7 Proof reports: Vulnerable OS: Microsoft Windows 11 23H2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion
UBR contains 5189
5189 is the correct version, so this has to be an R7 bug.
1 Like
Thank you for sending us the requested logs, as per review, I have confirmed that this is related to the ongoing investigation on the False Positive results for Patch Tuesday vulnerabilities. I have attached this case to that ongoing investigation.
The engineering team will review the ticket and make a decision based on the evidence if the issue is a legitimate defect/bug. Unfortunately, we do not have an ETA for when this will be qualified but we will ensure you provide you with regular updates when new information surfaces.
Also, Impacts Window Servers 2016, 2019, 2022, and 2025.
1 Like
Thanks for the information on the servers i noticed that looked off this morning for me too but i hadn’t dug in yet. Based on what i saw this morning none of the servers appeared to be patched but my patch management had different results.
From my support ticket:
“It looks like a fix has been included in this week’s product release, scheduled for Wednesday. Once that update is applied in your environment, the issue should be resolved”.
2 Likes
okay same here! Thank you.
oh great just saw this ! Thanks again.
I agree i was thinking the same thing i’m glad we arent the only ones then at first I thought we were doing something wrong. Thank you for the feed!
@mwelch thank you!
we also met this similar issue in windows 2019 server.
According to R7, they recommend us to install KB5055519 for server 2019.1809.
Then our patch team installed this patch from MS.
But when we rescan the asset by R7, R7 still flagged it is vulnerable to Apr patch. The proof shows the key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion, UBR contains 7136. but actually, according to MS:https://support.microsoft.com/en-us/topic/april-8-2025-kb5055519-os-build-17763-7136-417d1340-ce40-4d0b-98ac-637c0f6dca35, the 17763.7136 is the correct UBR after installed KB5055519. But MS have an update for Apr patch: https://support.microsoft.com/en-us/topic/april-16-2025-kb5059091-os-build-17763-7249-out-of-band-328ff8b5-7c6b-4f06-95cc-67fbd18b3ffb.
I think maybe R7 not yet update the proof (7136 is not vulnerable to the Apr patch anymore) or the solution (should refer to the KB5059091).