MS says vulns are patched, but Rapid7 still disagrees

I have a Windows 2019 server which is patched with the June cumulative update, but Rapid7is still showing vulnerabilities which were resolved in April’s cumulative – but not applied at that time. June’s cumulative eventually applied the April updates.

The server is reporting that all necessary KBs are applied. We’d like to know why Rapid7 seems to disagree.

Thoughts? Thanks in advance!

Have you tried actively scanning the device again since the patches were applied? I have noticed in some instances that vulnerabilities will hang on the platform unless actively scanned (as opposed to the agent reporting the information).

If you do not care about historical data… I have had vulns hang and remediated this by deleting the device from the platform and re-scanning it to reset any historical data.