W10 20H2 not detected and W10 reported as insecure



  • Hi,

    I updated to W10 20H2 (fr) fully patched and W10 is reported as insecure.

    Hope this helps.
    Regards.
    PS: please note that the French date format is: dd/mm/aaaa



  • @OLLI_S : Risk or at least vulnerability level is required for pro usage. 🙂

    For a standard user with no idea of what risk assessment is, a red/yellow/green status is more useful. I think that most people in France do not know what CVE means and, if they can have the related description and CVSS, will be unable to assess their risks and choose what to do but fix when a patch is available.


  • Community Moderator

    I think @Tom is right.
    There is a vulnerability in Windows 10 for which, up to now, there is no patch available.
    So Windows 10 is up-to-date but it is also insecure.

    The problem is that there is no explanation.
    No Threat Level and also no CVE information.
    Both suggestions have existed for over 2 years...



  • @Tom : Any product is de facto insecure till the next security patch, with known or unknown vulnerabilities. So any product is always more or less insecure.

    So at this time W10 with its known vulnerabilities is as secure as a standard user can have it when Windows Update writes: you are up-to-date (fr to en translation).

    Having it reported as "insecure" only led me to lose time looking for what I missed!

    May I suggest having another status if you want to report an "insecure but with no solution" status? Orange (yellow) "insecure"?

    Regards.


  • VulnDetect Team Member

    Indeed, and it is Insecure.

    But the update is not yet available. Windows is vulnerable to CVE-2020-17087.

    This is a privilege escalation vulnerability which was exploited together with the recent 0-day in Google Chrome:
    https://www.theregister.com/2020/10/30/windows_kernel_zeroday/

    Right now it is even more important to keep all other software up-to-date, since this vulnerability can be (and was) used to break out of the sandbox protection, which is used by some applications (including Chrome) to make it harder to fully compromise a system via a remote exploit.


  • Community Moderator

    Same here:


    There are no Windows Updates available, but it is marked as "Insecure".

    Also Win 10 tells me that there are no updates available:



  • VulnDetect Team Member

    We will soon review the title of Windows 10; it does appear that Microsoft has changed the naming / versioning of the semi-annual releases.

    Try to expand the Windows 10 entry, there should be a list of one or more KBs that are missing and which are security related.

