Vulnerability CVEs are still listed even after the Microsoft KB has been applied to the endpoint.

search cancel

Vulnerability CVEs are still listed even after the Microsoft KB has been applied to the endpoint.

book

Article ID: 406848

calendar_today

Updated On:

Products

Carbon Black Cloud Workload Carbon Black Cloud Endpoint Standard Carbon Black Cloud Enterprise EDR

Issue/Introduction

Sensor being marked with vulnerabilities (CVEs) that have already been patched on the Microsoft OS prior to the latest reassessment date.

Environment

Carbon Black Cloud Vulnerability Management: Current Version
Microsoft Windows OS: All Supported Versions

Cause

Before April 7th 2025, there was an issue with the KB article published by Microsoft that tracks vulnerability patches.

Resolution

On April 7th 2025, the Microsoft Data Collector service that runs on all PRODs is now working as expected since Microsoft updated their KB file that we use to match vulnerability patches.

Feedback

thumb_up Yes

thumb_down No