eEye Digital Security

I have recently installed the latest security update for IE7 on my network (Cumulative Security Update for Internet Explorer 7 (KB972260)). Now whenever I do a Retina scan on these machines, they report 2 High risk vulnerabilities:

Microsoft Internet Explorer Cumulative Security Update (958215) - 2003            Retina Audit ID: 7449
Microsoft Internet Explorer Security Update (960714) - 2003                              Retina Audit ID: 7521

or

Microsoft Internet Explorer Cumulative Security Update (958215) - XP                Retina Audit ID: 7448
Microsoft Internet Explorer Security Update (960714) - XP                                  Retina Audit ID: 7520

These vulnerabilities are from 2008, and probably obsolete. I run am running the most updated versions of Win2k3 SP2 and WinXP SP3. Has anyone else had this problem? Does anyone know if these are actually False Positives, or has Microsoft opened up an old vulnerability?

Thanks

Hi Jin,

Both were updated in Audit version 2118 that was released last night.

Thank you,

Brian

Hi Brian,

I am running Audit version 2155 and these two vulnerabiltiies are still appearing on every scan for systems that are fully updated running IE7.

Thanks for any information,

Alex

 This started with update 2153.  I posted about it, but put down the KB articles as audit ID's.  I wasn't looking at the right number.  Since there was a slew of new updates from Microsoft, I figure the next engine change or audit update should address these findings.

 After update 2159, I was still getting these two findings.  I finally uninstalled then installed the engine.  The findings went away.

The MS Cumulative Security updates are tricky so when a new version comes out we may alter an existing one (ie latest minus 1) and create a new audit for the new patch, depends on what changes exactly.

We did make another change from an MS patch in 2157 so that would explain why 2159 worked for you.