Looks like insightvm is not picking up patch tuesday march fully in our environment. Has anyone else noticed anything similar this month?
At a glance, I can see the chart isnt peaking as much as I would expect it to going by patch tuesdays in the past. Done some spot checks and found that some CVEs are not flagged on a lot of hosts, even my own. Going by the proof on the few assets insightvm did flag, mine should definitely be flagged with vulnerabilities. In fact, risk score for my asset and hundreds of others is 0 even though March Windows updates have not been applied yet across most of our org.
Does anyone else feel something is off this month with what you can see in your console? I have a support case open and i’ve been told everything is reporting/scanning/configured correctly but I still feel something is off this month.
Latest content update: 20th March
Latest product update: 15th March
Yes, same here. The 2023-03 Cumulative Update for Windows 10 doesn’t seem to exist in the InsightVM DB, in fact none of our non-Server assets seem to be coming up in the March Patch Tuesday dashboard or querries.
For example, running a query for CVE-2023-23404 (critical RCE in Windows PTPP affecting all supported versions of Windows) only returns assets running Windows Server, and only returns solutions for Windows Server.
Thanks for your reply. I’ve been working with Rapid7 about this all of last week. We have temporarily halted our reporting because we can’t really trust what the console is saying atm. They told me no other customers are reporting issues. They have an internal engineering case open to look into this. I’ll let you know what they say. Have you spoken to them about this?
Yes, having the same issue. Windows 10 March Patch Tuesday stats are totally off. Only about 35 out of over 2000+ Windows 10 machines are showing they actually need the patch. I have a support case open as well.
Quick update on this one. Rapid7 say there was a defect on March patch Tuesday detections for Windows 10 21H2. Fix applied in content release as of 6th April. Not saying this is fully resolved as I am yet to verify on my side.
Yes, we got the same answer from Rapid7 on our end. I can confirm as of April 6th/7th, suddenly all of the March CVEs and solutions appeared for our Windows 10 20H2 hosts.
Unfortunately, just in time for us to switch focus to April Patch Tuesday. Now this month we’re seeing the same behavior with Windows Server 2012 R2 servers.
We have a case open too (04468102). Do you mind sharing your Case #? I’d like to add it to our case notes so the engineer has another case to reference. The same might help you.
This really only started becoming an issue in Feb/March for us, but we’re also pretty new to InsightVM, so we haven’t had a critical eye on the data until recently.
I haven’t seen an issue with April on our side. After that fixed content release, scores came to where i expected them to be. In terms of past issues, to be honest no I haven’t seen missing items to this scale before in InsightVM. I inherited the tool when i joined my current org about a year and a half ago and patch tuesday items have been pretty consistent until about Feb 2023. They normally kick in on the Thursday.
I can think of one other time where scores jumped over night because of a change on the back end we were not aware about.