Patch Tuesday March 2023 not being picked up by insightVM

hi everyone,

Looks like insightvm is not picking up patch tuesday march fully in our environment. Has anyone else noticed anything similar this month?

At a glance, I can see the chart isnt peaking as much as I would expect it to going by patch tuesdays in the past. Done some spot checks and found that some CVEs are not flagged on a lot of hosts, even my own. Going by the proof on the few assets insightvm did flag, mine should definitely be flagged with vulnerabilities. In fact, risk score for my asset and hundreds of others is 0 even though March Windows updates have not been applied yet across most of our org.

Does anyone else feel something is off this month with what you can see in your console? I have a support case open and i’ve been told everything is reporting/scanning/configured correctly but I still feel something is off this month.

Latest content update: 20th March
Latest product update: 15th March

Yes, same here. The 2023-03 Cumulative Update for Windows 10 doesn’t seem to exist in the InsightVM DB, in fact none of our non-Server assets seem to be coming up in the March Patch Tuesday dashboard or querries.

For example, running a query for CVE-2023-23404 (critical RCE in Windows PTPP affecting all supported versions of Windows) only returns assets running Windows Server, and only returns solutions for Windows Server.

Hi David,

Thanks for your reply. I’ve been working with Rapid7 about this all of last week. We have temporarily halted our reporting because we can’t really trust what the console is saying atm. They told me no other customers are reporting issues. They have an internal engineering case open to look into this. I’ll let you know what they say. Have you spoken to them about this?

Mohammed

Same here as well with this issue

Yes, having the same issue. Windows 10 March Patch Tuesday stats are totally off. Only about 35 out of over 2000+ Windows 10 machines are showing they actually need the patch. I have a support case open as well.

hi @bgladding,

No solution for us yet. How are you getting on on your side?

hi Everyone,

Quick update on this one. Rapid7 say there was a defect on March patch Tuesday detections for Windows 10 21H2. Fix applied in content release as of 6th April. Not saying this is fully resolved as I am yet to verify on my side.

Hi Mohammed,

Yes, we got the same answer from Rapid7 on our end. I can confirm as of April 6th/7th, suddenly all of the March CVEs and solutions appeared for our Windows 10 20H2 hosts.

Unfortunately, just in time for us to switch focus to April Patch Tuesday. Now this month we’re seeing the same behavior with Windows Server 2012 R2 servers.

Same here for 2012 R2 the patches are missing, have just opened a case.

We are a new rapid7 customer. Is this a common occurrence, missing patches? A bit concerning.

Hi Grant,

We have a case open too (04468102). Do you mind sharing your Case #? I’d like to add it to our case notes so the engineer has another case to reference. The same might help you.

This really only started becoming an issue in Feb/March for us, but we’re also pretty new to InsightVM, so we haven’t had a critical eye on the data until recently.

Thanks will add your case number to mine for reference.

My case number is 04468472.

Gidday,
Have you had any feedback from support for your case?
I’m still waiting to hear back for mine.
Cheers,
Grant

Hi, back from a week off.

I haven’t seen an issue with April on our side. After that fixed content release, scores came to where i expected them to be. In terms of past issues, to be honest no I haven’t seen missing items to this scale before in InsightVM. I inherited the tool when i joined my current org about a year and a half ago and patch tuesday items have been pretty consistent until about Feb 2023. They normally kick in on the Thursday.

I can think of one other time where scores jumped over night because of a change on the back end we were not aware about.

hi

I have this issue with April updates now, March was OK… Just posted in forum until I found this

My case is 04471666 6 days old and no response

2016 and 2019 servers (we don’t have 2012)

thanks