How is InsightVM handling Cve-2023-36884 now that an ADV230003 patch was published?

rrobertrice_ivm · August 10, 2023, 12:29pm

According to the discussion here: Cve-2023-36884 - #7 by kevin_mccabe
Insight wouldn’t detect it unless the registry change was made. We however created an ASR using Defender for it as one of the optional workarounds.

Now that Microsoft has released the ADV230003 how will Insight track this? Ours is still saying there is no patch remediation available.

kevin_mccabe · August 10, 2023, 1:51pm

We have now released checks for CVE-2023-36884 which are looking for the remediation as outlined in the Microsoft advisory.

The temporary check we had in place will be getting deprecated today, and should disappear once todays content release is applied. This is due to be released later today.

rrobertrice_ivm · August 10, 2023, 2:10pm

Excellent news. Thank you for the update.