MS13-098 anyone?

Since the weekend, we have started seeing MS13-098 come up as a missing patch (the check is looking for a specific key in the registry; all Windows 2016 servers).

Has anyone also come across this situation?

Same here, we see this for

  • Microsoft Windows Server 2019 SE
  • Microsoft Windows Server 2016 SE

The vulnerability definition/logic was changed on Aug 24, 2022, and first detected around Aug 26, 2022 (probably first scheduled scan after update).

Microsoft rereleased this CVE with additional remediation suggestions

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2013-3900

R7 updated the detection according to this new suggested remediation.

What is different?
As far as I can tell, the remediation steps are exactly the same. For 64-bit OSs, the recommendations are still to set the same two reg keys as originally published in 2013. We have set these two reg keys accordingly & rebooted, but R7 is still reporting the systems as vulnerable. From the article you linked, “the information herein remains unchanged from the original text published on December 10, 2013.”

I added the Reg keys to our 2016 and 2022 template machines, rebooted, and R7 still says they are missing the Reg entries when they are clearly there… Is anyone else still having issues too, or any idea what I may have done wrong?

I just noticed this as well. Are there any updates from Rapid7?

I’m not sure about six days ago, but as of right now the remediation recommended in Microsoft Security Advisory 2915720 (Microsoft Learn) is working for me. The one caveat if you are creating the registry entries manually is that they need to be string (or REG_SZ) entries; originally I had incorrectly created them as DWORD and Rapid7 flagged it as not addressed.

Yep, seeing the same thing; however, we just created the reg files and that took care of it. One of the sys admins is hoping to apply it through GPO for non-prod to test first. I’m not sure why it’s not working for some - unless it is now for you, hopefully.
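
The string-versus-DWORD caveat raised in this thread can be checked on a host before the next scan. This is an added example, not code from any poster or from Rapid7; the key paths and value name come from Microsoft Security Advisory 2915720 rather than from the thread, and the expectation of REG_SZ data `1` is an assumption based on the advisory and the reply about DWORD entries being flagged.

```powershell
# Added example: report whether the CVE-2013-3900 opt-in value exists,
# which registry type it has, and whether it is the string "1".
# Assumptions: paths and value name are from Microsoft Security Advisory 2915720;
# run from a 64-bit PowerShell session so the native key is not redirected.
$ValueName = 'EnableCertPaddingCheck'
$KeyPaths  = @('HKLM:\SOFTWARE\Microsoft\Cryptography\Wintrust\Config')
if ([Environment]::Is64BitOperatingSystem) {
    # The second key only exists on 64-bit Windows.
    $KeyPaths += 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Wintrust\Config'
}

function Test-CertPaddingCheck {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $Name
    )
    $r = [ordered]@{ Path = $Path; Exists = $false; Kind = $null; Data = $null; Ok = $false }

    $key = Get-Item -LiteralPath $Path -ErrorAction SilentlyContinue
    if ($null -eq $key) { return [pscustomobject]$r }                      # key missing

    # Check the value name explicitly so "absent" is not confused with "empty".
    if ($key.GetValueNames() -notcontains $Name) { return [pscustomobject]$r }

    $r.Exists = $true
    $r.Kind   = $key.GetValueKind($Name)                                    # String, DWord, ...
    $r.Data   = $key.GetValue($Name)
    # A DWORD 1 looks right in regedit but is the wrong type, so test Kind first.
    $r.Ok     = ($r.Kind -eq [Microsoft.Win32.RegistryValueKind]::String) -and
                ([string]$r.Data -eq '1')
    [pscustomobject]$r
}

$results = foreach ($p in $KeyPaths) { Test-CertPaddingCheck -Path $p -Name $ValueName }
$results | Format-Table -AutoSize

# Non-zero exit code lets a deployment or GPO test script treat this as a failed check.
if ($results.Ok -contains $false) { exit 1 }
```

A row with `Exists = True` and `Kind = DWord` is the case described above where the entry is present but still reported as not addressed.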