bitsadmin / wesng

Windows Exploit Suggester - Next Generation
BSD 3-Clause "New" or "Revised" License

wesng shows ridiculous amount of vulnerabilities #68

Closed Warlord711 closed 1 year ago

Warlord711 commented 1 year ago

Got a systeminfo.txt from a Win Server 2012 R2 with 220 Hotfixes installed, wesng shows over 9000 vulnerabilities. A lot of them are for different systems like Win10/7, also comes with tons of duplicates.

I used

./wes.py systeminfo.txt --exploits-only --hide "Internet Explorer" Edge Flash --muc-lookup


bitsadmin commented 1 year ago

Thanks @Warlord711 for your report.

Unfortunately we are dependent on the (incomplete) supersedence information provided by Microsoft. The --muc-lookup feature attempts to remove false positives, but is also not foolproof. The only option is then to manually validate the supposedly missing KBs to see if they have actually been superseded by a KB that is installed. For more info, see the blog: https://blog.bitsadmin.com/blog/windows-security-updates-for-hackers#eliminating-false-positives.

An alternative is to use the missingkbs.vbs script, also available in this repository, to have Windows Update identify the missing KBs.

In case you identified an error in the logic of wes.py, please elaborate.

Hope that helps!

Best, Arris
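
The manual validation described in the reply above, sketched as an added example that is not part of the thread and is not wes.py's own code: given a supersedence map, it walks the chain from each reported KB and clears it only when an installed KB sits somewhere on that chain. The KB numbers, the map and the function names are constructed for illustration.

```python
from collections import deque

def norm(kb):
    """Normalise '2919355' or 'kb2919355' to 'KB2919355'."""
    kb = kb.strip().upper()
    return kb if kb.startswith("KB") else "KB" + kb

def covering_kb(kb, installed, superseded_by):
    """Return an installed KB that directly or transitively supersedes kb, else None."""
    seen, queue = {kb}, deque([kb])
    while queue:
        for successor in superseded_by.get(queue.popleft(), ()):
            if successor in installed:
                return successor
            if successor not in seen:  # guard against cyclic records
                seen.add(successor)
                queue.append(successor)
    return None

def triage(reported, installed, superseded_by):
    """Split reported KBs into (cleared: kb -> covering installed KB, still_open)."""
    installed = {norm(k) for k in installed}
    edges = {norm(k): [norm(v) for v in vs] for k, vs in superseded_by.items()}
    cleared, still_open = {}, []
    for kb in map(norm, reported):
        hit = kb if kb in installed else covering_kb(kb, installed, edges)
        if hit:
            cleared[kb] = hit
        else:
            # No chain to an installed KB: either really missing, or the
            # supersedence record is absent. Needs manual validation.
            still_open.append(kb)
    return cleared, still_open

# Constructed sample data, not real Microsoft supersedence records.
SUPERSEDED_BY = {
    "KB9000001": ["KB9000002"],
    "KB9000002": ["KB9000003"],
    "KB9000004": ["KB9000005"],
    "KB9000005": ["KB9000004"],  # deliberately cyclic record
}
INSTALLED = ["KB9000003", "kb9000010"]
REPORTED = ["KB9000001", "9000004", "KB9000006", "KB9000010"]

if __name__ == "__main__":
    cleared, still_open = triage(REPORTED, INSTALLED, SUPERSEDED_BY)
    for kb, by in cleared.items():
        print(f"{kb}: false positive, covered by installed {by}")
    for kb in still_open:
        print(f"{kb}: no installed successor found, validate manually")
```

A KB with no supersedence record at all (KB9000006 in the sample) can never be cleared this way, which is the incomplete-data case the reply describes.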