Phone Lines icon GFI Support Home

Articles in this section

See more

Why are False Positive CVE-2019-1043 and CVE-2019-0765 High Security Vulnerabilities Detected by Scans?

Author: Andriy Rybalchenko Updated

Overview

GFI Languard scans are reporting that servers and client end nodes are vulnerable to High Security Vulnerability CVE-2019-1043, or CVE-2019-0765, or CVE-2020-0744, or CVE-2018-0886, but when you check, all the updates, including the Microsoft patch to resolve this, are already installed.

 

Solution

The vulnerabilities being reported are a known false positive issue. Our Engineering team has pushed out updates to address the false positives.

Ensure that your LanGuard server is Upgraded to the latest version and all program updates are up to date. If there are agents installed on the affected machines, ensure that agent updates are successful as well. If you are unsure about the automatic update status, it is recommended to Update LanGuard Server Manually. Once this is done, run a new scan to verify that the issue is resolved.

Microsoft published patch for these CVE is only for Windows 10, Windows Server 2016 and above, refer to the root cause and the issue scope below.

A small subset of the machines is still getting false positives due to the complex nature behind the root cause. The Engineering team is working to solve this completely. If the issue is still there in your environment, you may wish to ignore the vulnerabilities in the interim.

 

Root cause and the issue scope

The root cause of the issue is that when Windows Defender is disabled (either on purpose or using a different AntiVirus), the engine updates are not applied, and these vulnerabilities show up in scans. Applying the patch KB4052623 - Update for Microsoft Defender antimalware platform to a vulnerable machine fixes the issue.

Microsoft's release of the patch for only Windows 10, Windows Server 2016 and above doesn't help to resolve the issue for the other operating systems (Server 2012 R2 and below, Windows 7, Windows 8, Windows Vista), which brings a resolution for those systems out-of-scope area for GFI.

These vulnerabilities are detected for old Security Essentials and Windows Defender. However, Security Essentials have no updates available anymore, so the only way seems to be an upgrade to a recent version of Windows Defender or to ignore the vulnerabilities.

Also, there are many complicated applicability checks in the update as it may not be applicable due to the system's condition/state. Please refer to more information on the patch KB4052623 - Update for Microsoft Defender antimalware platform.

Related articles