Forum Discussion

cthomsonvamacuk
Copper Contributor
Oct 06, 2022

Vulnerable server : KB4025339 or superseding KB cannot be found

"The remote Windows host is missing security update KB4025339. It is, therefore, affected by multiple vulnerabilities :"

The server is running Server 2016 version 1607 build 14393.5356 and is patched monthly, the latest patch being KB5017305.


The issue I have is that the Microsoft Update Catalogue has broken the links between KB superseded versions and I'm not able to locate the relevant patch details to remediate CVE-2017-8486 :: Critical level Server vulnerability.


4 Replies

  • KB4025339 is the July 11, 2017 update (OS Build 14393.1480). Since the current build is 14393.5356 you couldn't install an older rollup. Monthly rollups are cumulative and contain new fixes plus all the previous monthly rollups. So nothing further is needed on your part.


    Rather than receiving several updates each month and trying to figure out which the organization needs, which ultimately causes platform fragmentation, administrators see one cumulative monthly update that supersedes the previous month’s update, containing both security and non-security fixes. This approach makes updating simpler and ensures that devices are more closely aligned with the testing done at Microsoft, reducing unexpected issues resulting from updates.

    Overview of Windows as a service - Windows Deployment | Microsoft Learn


    • cthomsonvamacuk
      Copper Contributor

      Dave Patrick Thank you for the response.

      The issue I have is that our vulnerability scanner 'Tenable' flags systems with the missing KB as vulnerable due to it being unable to find the KB installed.
      I believe the vulnerability is fixed but unless I can apply KB4025339 it will continue to flag as a vulnerable security issue on the affected machines.

      • Dave Patrick
        MVP

        Have you tried? You'll get a "not applicable" since the build is currently higher. Might ask the scanner vendor about the issue since the current build covers the older build monthly roll-ups as well.

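The check behind the replies above, as an added example that is not code from the thread or from Tenable: compare the host's actual OS build (CurrentBuild.UBR from the registry) against the build a flagged KB produced, so a cumulative build that already covers the KB can be shown to the scanner vendor. The KB-to-build mapping is constructed from the builds quoted in the thread and is an assumption to extend from the Windows update history.

```powershell
# Added example (not from the thread). Assumed mapping: KB4025339 -> 14393.1480
# and KB5017305 -> 14393.5356, both taken from the builds quoted in this thread.

function Get-OsBuildVersion {
    # CurrentBuild and UBR together give the full build, e.g. 14393.5356
    $key   = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $props = Get-ItemProperty -Path $key -Name CurrentBuild, UBR
    [version]("{0}.{1}" -f $props.CurrentBuild, $props.UBR)
}

function Test-KbSuperseded {
    param(
        [Parameter(Mandatory)] [string]    $Kb,
        [Parameter(Mandatory)] [hashtable] $KbBuildMap,   # KB id -> OS build that KB produced
        [version] $Installed = (Get-OsBuildVersion)        # default: read from this host
    )
    if (-not $KbBuildMap.ContainsKey($Kb)) {
        throw "No build recorded for $Kb; look it up in the update history before deciding."
    }
    $required = [version]$KbBuildMap[$Kb]

    # Cumulative updates only supersede within the same OS build line (14393 = Server 2016 / 1607);
    # a different major build means the KB never applied to this host at all.
    if ($Installed.Major -ne $required.Major) {
        $status = 'DifferentOsBuild'
    } elseif ($Installed -ge $required) {
        $status = 'Superseded'   # host build already contains everything in the KB
    } else {
        $status = 'Missing'      # host build predates the KB: install the current rollup
    }

    [pscustomobject]@{ Kb = $Kb; Installed = $Installed; Required = $required; Status = $status }
}

# Constructed mapping from the builds quoted in the thread (assumption; extend as needed).
$map = @{ 'KB4025339' = '14393.1480'; 'KB5017305' = '14393.5356' }

# Offline check using the build quoted in the thread (no registry access needed):
Test-KbSuperseded -Kb 'KB4025339' -KbBuildMap $map -Installed ([version]'14393.5356')

# Live check on the host itself (uses the registry build):
# Test-KbSuperseded -Kb 'KB4025339' -KbBuildMap $map
```

Pipe the object into the ticket to the scanner vendor; the Installed and Required builds are what they need to see to reclassify the finding.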