Greetings all. I have a single server that by all understanding should be not vulnerable. But I scan the system for the RDP vulnerability, and it says its vulnerable.
So I am exploring potential false positive scenarios...but before I detail that, I was asking for some interpretation here. Looking at the QID:91534 I see the following information:
QID Detection Logic:
The following versions of termdd.sys with their corresponding KBs are verified:
KB4500331 - 5.1.2600.7701, 5.2.3790.6787
KB4499149 - 6.0.6003.20514
KB4499180 - 6.0.6003.20514
KB4499164 - 6.1.7601.24441
KB4499175 - 6.1.7601.24441
Are we saying the systems with the above termdd.sys file versions (or earlier) are vulnerable?