Open mostlikelee opened 1 month ago
@mostlikelee Sounds like this is unreleased?
Not unreleased, but this will be recurring monthly (patch tuesday) work until https://github.com/fleetdm/fleet/issues/20039 is addressed.
@xpkoala Added QA notes.
Changing estimation from 1 to 2 because of figuring out Microsoft 365 installer/target and adding tests.
https://learn.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates
Add rule to: server/vulnerabilities/customcve/matching_rules.go
Need to manually add these vulnerabilities until Office365 detections are resolved.
--
QA notes
version
to something lower than the versions listed in https://learn.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates#june-11-2024.
16.0.17726.20160
so if you set version to something like 16.0.17726.20159 then Fleet should detect July vulnerabilities (and August).
16.0.17830.20166
so if you set version to something like 16.0.17830.20165 then Fleet should detect August vulnerabilities.
Finally, setting versions higher than 16.0.17830.20166 should find no vulnerabilities.
PS: Don't forget that vulnerabilities are cleared from the DB after 2 hours of them being "found". Workaround:
update software_cve set updated_at = DATE_SUB(current_timestamp, interval 3 hour);
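The expectations in the QA notes above can be checked with a small version-threshold matcher. This is an added example, not code from Fleet or from this issue: the `rule` type, `versionLess` and `matchedRules` are hypothetical names, the July/August labels on the two builds are inferred from the notes, and a build equal to the fixed build is assumed to be not vulnerable. The comparison is numeric per segment, since a plain string comparison would rank `16.0.9999.x` above `16.0.17726.x`.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// rule is a hypothetical threshold rule, not the type in Fleet's matching_rules.go.
type rule struct{ Label, FixedVersion string }

var rules = []rule{
	{"July", "16.0.17726.20160"}, // month labels assumed from the QA notes
	{"August", "16.0.17830.20166"},
}

// versionLess compares dotted versions numerically; bad or missing segments count as 0.
func versionLess(a, b string) bool {
	as, bs := strings.Split(a, "."), strings.Split(b, ".")
	for i := 0; i < len(as) || i < len(bs); i++ {
		var x, y int
		if i < len(as) {
			x, _ = strconv.Atoi(as[i])
		}
		if i < len(bs) {
			y, _ = strconv.Atoi(bs[i])
		}
		if x != y {
			return x < y
		}
	}
	return false
}

// matchedRules lists every rule whose fixed build is above the installed one.
func matchedRules(installed string) []string {
	hits := []string{}
	for _, r := range rules {
		if versionLess(installed, r.FixedVersion) {
			hits = append(hits, r.Label)
		}
	}
	return hits
}

func main() {
	for _, v := range []string{"16.0.17726.20159", "16.0.17830.20165", "16.0.17830.20166"} {
		fmt.Println(v, matchedRules(v))
	}
}
```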