This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Microsoft Silverlight Vulnerability Verification

davidle
By
Level 7

Hello,

We are trying to determine why the Scan Results for two separate devices would show different security states for same product & version installed ?

Product/Version

Microsoft Silverlight 5.1.50918.0

 

‎Oct 30, 2019 12:22 PM

0 Kudos
(3) Replies

RDanailov
By Level 7 Flexeran
Level 7 Flexeran

Hi @davidle 

Hypothetically, If e.g. Host A has been last scanned 4 days ago, Microsoft Silverlight has been patched 2 days ago, and you have scanned Host B today, you'd see Host A displaying the last-known state before the patching, while Host B would have had detected that the application was patched due to the scan occurring after patching it.

This is essentially why frequent scanning is so important - it ensures timely updating of all vulnerability intelligence that flows into your database and thereby gets picked by Agents on the network. 

Please check this particular scenario and drop me a comment if that wasn't the case. Make sure you compiled Host and Product smart groups before looking at the data because that may also be the issue - Smart Groups haven't been compiled hence displaying old known states while Completed Scans showing "the server-side" matching of the detection - hence yielding a different result - a compilation of Smart Groups should fix that. 

I hope this helps. 

Regards,
Rosen
"To understand where a system breaks, one should think like the person who built it"

‎Oct 31, 2019 07:23 AM

0 Kudos

davidle
By
Level 7
In response to RDanailov

Hi @RDanailov ,

I have verified that the Host & Product Smart Groups compiled this morning. However, both devices that have the Silverlight 5.1.50918.0 show two different security states.

Attached will be two different screenshots:

QJ0500046.jpg shows that scan result of a device that has Silverlight 5.x and is Insecured.

BLV800G3M4.jpg shows the same application version installed and is Secured.

- David

 

‎Oct 31, 2019 09:30 AM

Preview file
160 KB
Preview file
187 KB
0 Kudos

RDanailov
By Level 7 Flexeran
Level 7 Flexeran
In response to davidle

Hi @davidle

Thanks for verifying the basics so promptly.  So far we have it confirmed that some of your systems failed to return information for missing KBs for the Silverlight product, while others did return this information to the SVM Agent successfully. We shall understand what caused some systems do not deliver the information - was that because they have nothing pending, or was it because of WU problems?

Please run the following in Powershell on 1-2 systems that have been identified to have Secure Silverlight version, and run the same query on 1-2 other client systems that have been identified to have Insecure one: 

Gwmi -Namespace root\ccm\SoftwareUpdates\UpdatesStore -Class ccm_updatestatus | where {$_.Title -match "Silverlight"} | Select Status,Title,ProductID

The correct, expected result of this test should be: 

a) The 1-2 systems that show this product as "Secure" in SVM should show Silverlight patches as "Installed"

b) The 1-2 systems that show this product as "Insecure" in SVM should show Silverlight patches as "Missing".

Was this the outcome?

PS: I made a quick edit to improve the query after I've caught that the first one wouldn't have been ideal. 

Regards,
Rosen
"To understand where a system breaks, one should think like the person who built it"

‎Nov 01, 2019 10:02 AM - edited ‎Nov 01, 2019 10:26 AM