It appears the plugin for MS Windows Kernel-Mode Drivers Remote Code Execution Vulnerabilities (2870008) is producing a false positive on Server 2012 (version 6.2 build 9200). If I understand the plugin's logic correctly, it is looking at the file version of %systemroot%\Windows\System32\win32k.sys. On the server the file version is showing as 6.2.9200.22210, which is higher than the version that addresses this Security Bulleting according to https://support.microsoft.com/ en-us/help/2883150.
Let me know if there is any additional information that would be helpful in reviewing this or if there is a better forum or method for discussing FPs. Thanks for reviewing this. JP
_______________________________________________ Openvas-discuss mailing list [email protected] https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
