We have a number of Win 7 machines that are shown as vulnerable from a Qualys perspective BUT compliany from an SCCM perspective as the relevant patches are applied KB4499175 and also the monthly rollup KB4499164.
Upon investigation, it seems that the termdd.sys file and PCI.sys file arent being updated which then flags up by Qualys that it isnt compliant even though the patches are installed rebooted numerous times.
Scenario 1 - Windows 7 machine
Patches installed, termdd.sys and pci.sys files are updated to KB4499175 - 6.1.7601.24441 , compliant on SCCM and Qualys.
Scenario 2 - Windows 7 machine
Patches installed, termdd.sys and pci.sys files arent updated whilst patching, compliant on SCCM BUT not compliant on Qualys as its refrring to the termdd.sys file being an older version.
Scenario 3 - Windows 7 machine
Patches installed, termdd.sys and pci.sys files NOT updated whilst patching, compliant on SCCM BUT also compliant on Qualys
Its become very confusing that these type of scenarios are presenting themselves.
Ive manually patched the windows 7 machine as well, command prompt to running the MSU file etc.
Please can you shed some light on this as Qualys is flagging them vulnerable even though the patch is installed. Also whether the termdd.sys file is changed or not, the Qualys scan will report vulnerable at times and at times it would be compliant.