Workload: Server 2016 still showing Vulnerability to CVE-2021-26855 after installing KB5000871
search cancel

Workload: Server 2016 still showing Vulnerability to CVE-2021-26855 after installing KB5000871

book

Article ID: 285070

calendar_today

Updated On:

Products

Carbon Black Cloud Workload

Issue/Introduction

  • Devices show as vulnerable to Critical CVE-2021-26855
  • Endpoint shows correct patch KB5000871 installed to remediate vulnerability
  • Reassessing endpoint has no impact

Environment

  • Carbon Black Cloud Workload: All Versions
  • Carbon Black Cloud Sensor: 3.6.x.x and Higher
  • Microsoft Exchange Server: 2013, 2016, and 2019

Cause

National Vulnerability Database (NVD) is not providing "fixed by" information for CVE-2021-26855

Resolution

Once NVD provides "fixed by" information for CVE-2021-26855 devices with the appropriate patch installed will no longer show as vulnerable