Win11 24H2 April Security Update/Vuln Issues

Just a heads up -

In my enviro (and I have confirmed with Support), the Win11 24H2 “Solution” for the April Security Updates is the incorrect KB#. Support has sent the ticket over to engineering to fix on the backend, figured I'd post here as well in case other users were experiencing wrong information for their patch Tuesday reporting/remediation projects.

Yes, I face the same issue, but to resolve it temporarily you can create the project after 2 or 3 days; it will resolve this.

Not in my case. The issue is the wrong solution ID is still showing for the assets, so they are still showing as vulnerable. Nothing inherently wrong with the remediation project itself.

I also have an issue with this update. I tested it on my personal Windows 11 24H2 client. The latest patch was installed; the scan proof states:
Vulnerable OS: Microsoft Windows 11 24H2

  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion

    • UBR - contains 8246

However, Rapid7 still gives me 135 vulnerabilities on my client, and when I check Microsoft Defender results, there are no OS vulnerabilities anymore since yesterday.

Same exact thing here. If you look down you’ll probably notice that the solution KB listed at the bottom is actually for a Windows Server 2025 patch, not a Win11 24H2 patch. I have a ticket sitting with engineering right now, been in since Friday. Kinda crazy it hasn’t been fixed yet….


Yeah, it’s wild. I’m now even more eager to finish and publish my new Power BI dashboard based on vulnerability results from Microsoft Defender. At least it provides reliable results for its own products, even though their software is responsible for so many vulnerabilities. :rofl: :skull:

Just curious - how does Defender compare to IVM from a vulnerability management perspective? We are just IVM/IDR customers (no InsightConnect), and are bringing on a new GCC High tenant later on and may just lean into Defender's capabilities rather than re-bring everything over into the R7 suite…

@mblough Just to leave some numbers here for comparison. Currently, because of the huge amount of newly published vulnerabilities from MS, Google and others, Rapid7 (status: 23.04.2026) has found:
Checked Devices: 10’000
Total Vuln: 1.2 Mio. (number decreasing day by day)

On Microsoft Defender:
Checked Devices: ~10’000
Total Vuln: 2.8 Mio (number decreasing day by day)

The gap is huge. I am now in the process of comparing the results from MS Defender and Rapid7 in more detail. It takes some time, though.

That’s a huge discrepancy. We’re moving from MTC-essentials to Defender (Microsoft Defender Vulnerability Management) and Sentinel, as R7 is unable to provide us unlimited data ingestion for InsightIDR when we drop down to InsightVM and InsightIDR standalone (not on MTC). But building PBI dashboards for Defender VM will be nice.

Yeah, I’m aware the difference is significant, and I already raised this during our regular check-in call with Rapid7 last week. If they want to remain relevant in the near future, they need to either strengthen their vulnerability detection capabilities or find a way to integrate and enrich Rapid7 InsightVM findings with the findings from Defender, which I already ingest through the data connector, as shown below.

I initially assumed that Rapid7 would enrich the InsightVM findings with Microsoft Defender findings, but this is not the case. That is why I currently have to handle this work in Power BI. My plan is to use our internal LLM capabilities to optimize and consolidate two exports from two different systems into a single table. This would give me the best of both worlds in one place. However, it is a significant amount of work and involves considerable trial and error.