False Positives for Palo Alto GlobalProtect App

Good Afternoon,

Did anyone else receive a bunch of findings for Palo Alto GlobalProtect App this week indicating an HKEY as proof? I verified my devices have an unaffected version greater than what Palo Alto indicates is vulnerable, yet I’m still getting hits for all of these findings. I opened a case with Rapid7 as well, but I’m looking to see if anyone else is experiencing this recently.

Yes, same on my side. I put in a fp ticket.

I opened a case for it as well. The support folks noted that software updates/uninstalls should remove all remnants of it from the registry keys. I’m assuming something in our update process caused that to not happen during install. Then somehow this reg key was added to the proof of the vulnerability recently, because for the past few months I haven’t seen any findings for this. If that isn’t the case then I have no idea. I would be curious, @jgoins, if you use ManageEngine to install your updates.

We have noticed that Palo Alto has been releasing hotfixes more frequently over the past six months to address security issues, instead of updating the full version number. Previously, we did not experience problems with their updates, but this recent change in approach seems different. We are wondering if this shift is related to these still being reported as vulns.

Hopefully they realize this is a false positive and issue an update to remove it as a vulnerability.