We have four machines that all have the exact same vulnerability (And only these four machines possess these vulnerabilities):
Microsoft Data Access Components Remote Code Execution (QID 90817)
Microsoft Windows Kernel-Mode Drivers Elevation of Privilege (QID 90816)
Microsoft Windows Shell Remote Code Execution (QID 90818)
The four machines that have these vulnerabilties are:
2 x Windows 7 SP1 workstations
1 x Windows Server 2008 R2 file server
1 x Windows Server 2008 R2 web server (with IIS installed)
I can't figure out why these machines have this vulnerability. Afer reviewing WSUS appvoals, all four machines should have these required updates installed. Is there something else I could be missing? Thanks!
Jeff,
You can always view the "results" section in the Qualys Reports if you have it enabled for the particular template you are using. What this does is show the specific reason why the service thinks the vulnerability exists on that host.
As an example for QID 90817, I was able to pull the following results for a host in our lab:
RESULTS:
HKLM\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB2698365\Filelist is missing
%ProgramFiles%\Common Files\System\ado\msado15.dll Version is 2.82.4795.0
As you see the service looked in the registry to find a registry key and it also reported the version of the DLL. Both of these in combination caused the service to report this particular host as vulnerable.
Are you using a reporting template or viewing the raw scan data?