Jump to content


Photo
- - - - -

Audit 15918 - Superseded


  • Please log in to reply
6 replies to this topic

#1 halsteaw

halsteaw

    Security Mastermind

  • Members
  • 79 posts

Posted March 15, 2012 - 12:17 PM

Audit calls out MS12-008: Vulnerabilities in Windows Kernel-Mode drivers could allow remote code execution: February 14, 2012

it has been superseded by

MS12-018: Vulnerability in Windows kernel-mode drivers could allow elevation of privilege: March 13, 2012


Audit flags upon install of MS12-018 due to new file version numbers,

#2 halsteaw

halsteaw

    Security Mastermind

  • Members
  • 79 posts

Posted March 15, 2012 - 12:18 PM

Nevermind. I am lacking a signature update. Disregard

#3 bb93444

bb93444

    Security Mastermind

  • Members
  • 77 posts

Posted March 17, 2012 - 11:35 AM

Updated to audit version 2486 and 15918 is still flagging even though MS12-018 has been installed. Verified that the vulnerable files was updated to the file version MS12-018 sets. Was informed that it was going to be corrected in version 2486, but that does not appear to be the case. Has this possibily been addressed in a version newer than 2486?

#4 Nate

Nate

    Security Mastermind

  • Members
  • 213 posts
  • LocationIrvine, CA

Posted March 19, 2012 - 12:09 PM

Hi bb93444 and halsteaw,

I spotted an issue with audit 15918 that could cause the behavior you're seeing. A fixed version of the audit will be available in upcoming audits release 2487.

- Nate

#5 bb93444

bb93444

    Security Mastermind

  • Members
  • 77 posts

Posted March 19, 2012 - 12:20 PM

Thanks Nate!

#6 Nate

Nate

    Security Mastermind

  • Members
  • 213 posts
  • LocationIrvine, CA

Posted March 19, 2012 - 12:37 PM

You're welcome, thanks for reporting the issue!

#7 bb93444

bb93444

    Security Mastermind

  • Members
  • 77 posts

Posted March 19, 2012 - 01:09 PM

My pleasure




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users