Missing Patches - patches an unknown number of vulnerabilities

[oconnell-sean]

Curious what I might be doing wrong here. Trying to figure out why CVE details are not being shown.

PS C:\Users\S\anaconda3\envs\wesng> py wes.py -m .\missing.txt Windows Exploit Suggester 1.03 ( https://github.com/bitsadmin/wesng/ ) [+] Loading definitions [+] Loading missing patches from file [!] Found vulnerabilities!

[-] Missing patches: 4

• KB5028948: patches an unknown number of vulnerabilities
• KB890830: patches an unknown number of vulnerabilities
• KB5029263: patches an unknown number of vulnerabilities
• KB5029688: patches an unknown number of vulnerabilities [I] Check the details of the unknown patches at https://support.microsoft.com/help/KBID, for example https://support.microsoft.com/help/890830 in case of KB890830 [+] Done. Displaying 4 of the 4 vulnerabilities found. PS C:\Users\S\anaconda3\envs\wesng> py wes.py -u Windows Exploit Suggester 1.03 ( https://github.com/bitsadmin/wesng/ ) [+] Updating definitions [+] Obtained definitions created at 20230808 PS C:\Users\S\anaconda3\envs\wesng> py wes.py -m .\missing.txt Windows Exploit Suggester 1.03 ( https://github.com/bitsadmin/wesng/ ) [+] Loading definitions [+] Loading missing patches from file [!] Found vulnerabilities!

[-] Missing patches: 4

• KB890830: patches an unknown number of vulnerabilities
• KB5029263: patches an unknown number of vulnerabilities
• KB5028948: patches an unknown number of vulnerabilities
• KB5029688: patches an unknown number of vulnerabilities [I] Check the details of the unknown patches at https://support.microsoft.com/help/KBID, for example https://support.microsoft.com/help/890830 in case of KB890830 [+] Done. Displaying 4 of the 4 vulnerabilities found.

[bitsadmin]

Hi Sean,

Because of the incomplete information provided by MSRC, sometimes KBs cannot be associated with CVEs. In your case by using missingkbs.vbs you already elimiated the issue that sometimes supersedence information is missing. Now using the KB numbers you can manually check for possible CVEs connected to the missing KBs.

https://support.microsoft.com/help/5028948 https://support.microsoft.com/help/890830 https://support.microsoft.com/help/5029263 https://support.microsoft.com/help/5029688

For more information on this, see https://blog.bitsadmin.com/windows-security-updates-for-hackers#eliminating-false-positives

Hope that helps!