bitsadmin / wesng

Windows Exploit Suggester - Next Generation
BSD 3-Clause "New" or "Revised" License

systeminfo.exe only list limited number of KBs #16

Closed singhsan02 closed 5 years ago

singhsan02 commented 5 years ago

The input file systeminfo.txt created from systeminfo.exe doesn't list all the KBs installed.

The final result shows a vulnerability related to, e.g., "KB4012212" although this update is installed.

Date: 20170314
CVE: CVE-2017-0022
KB: KB4012212
Affected product: Windows 7 for 32-bit Systems Service Pack 1
Affected component: Microsoft XML Core Services 3.0
Severity: Important
Impact: Information Disclosure
Exploit: n/a

The following command shows that "KB4012212" is installed.

wmic qfe list brief /format:texttablewsys > "%USERPROFILE%\hotfix.txt"

Security Update KB4012212 NT AUTHORITY\SYSTEM 3/31/2017

https://support.microsoft.com/en-us/help/2644427/systeminfo-exe-does-not-display-all-updates-in-windows-server-2003

The above link indicates that: "When using SystemInfo.exe in Windows Server 2003 to display a list of installed hotfixes, some hotfixes may not be listed if over 200 are installed."

Cause: "There is a buffer size limitation that does not allow all system update hotfixes to be displayed"

Although this was for Windows Server 2003, it looks like this is still valid for other OSes as well.
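An added example, not part of the original thread or the wesng code base: one way to check whether systeminfo.txt omits hotfixes that `wmic qfe` reports, which is the discrepancy described in the comment above. The sample inputs are constructed, the function names are hypothetical, and English-locale systeminfo output is assumed.

```python
import re

# Constructed sample inputs (not from a real host). Assumes English-locale
# systeminfo output and the wmic command quoted in the issue.
SYSTEMINFO_SAMPLE = """\
Host Name:                 WORKSTATION01
OS Name:                   Microsoft Windows 7 Professional
Hotfix(s):                 2 Hotfix(s) Installed.
                           [01]: KB4487017
                           [02]: KB4487029
Network Card(s):           1 NIC(s) Installed.
                           [01]: Example Ethernet Adapter
"""

WMIC_QFE_SAMPLE = """\
Description      HotFixID   InstalledBy          InstalledOn
Security Update  KB4012212  NT AUTHORITY\\SYSTEM  3/31/2017
Security Update  KB4487017  NT AUTHORITY\\SYSTEM  2/15/2019
Update           KB4487029  NT AUTHORITY\\SYSTEM  2/20/2019
"""

def decode_report(raw: bytes) -> str:
    """wmic output redirected to a file is typically UTF-16 with a BOM."""
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16")
    return raw.decode("utf-8", errors="replace")

def kbs_from_systeminfo(text: str) -> set:
    """KB ids from the numbered entries under the 'Hotfix(s):' header only."""
    kbs, in_hotfixes = set(), False
    for line in text.splitlines():
        if line.startswith("Hotfix(s):"):
            in_hotfixes = True
        elif in_hotfixes:
            m = re.match(r"\s+\[\d+\]:\s*(KB\d+)\s*$", line, re.IGNORECASE)
            if not m:
                break  # next section header ends the hotfix list
            kbs.add(m.group(1).upper())
    return kbs

def kbs_from_wmic(text: str) -> set:
    return {kb.upper() for kb in re.findall(r"\bKB\d+\b", text, re.IGNORECASE)}

def missing_from_systeminfo(systeminfo_text: str, wmic_text: str) -> list:
    return sorted(kbs_from_wmic(wmic_text) - kbs_from_systeminfo(systeminfo_text))

if __name__ == "__main__":
    for kb in missing_from_systeminfo(SYSTEMINFO_SAMPLE, WMIC_QFE_SAMPLE):
        print(f"{kb}: installed per wmic qfe, absent from systeminfo.txt")
```

Any KB this reports is one that a scan based only on systeminfo.txt would treat as not installed.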

miguelfaldutti87 commented 5 years ago

Something similar happened to me. The final result showed me that I have 98 vulnerabilities. And, for example, I was missing this KB: KB 4487017. I installed it and then this script showed me 42 vulnerabilities (the 4487017 vulnerabilities were gone). Then I installed KB 4487029 and, surprise, 98 vulnerabilities appeared again! I again have the KB4487017 items.

bitsadmin commented 5 years ago

Thanks for both of your inputs!

@singhsan02, inspired by your wmic command I created the following page on the wiki: https://github.com/bitsadmin/wesng/wiki/Reporting-false-positives

@miguelfaldutti87, please use the instructions on this page to submit your report on false positives being reported by wes.py.