A list for people using the OVAL repository.View all threads
Please see Issue #1922https://github.com/CISecurity/OVALRepo/issues/1922 from the CISecurity OVAL Repo: Incorrect DLL referenced in CVE-2018-0886 for all Windows Versions
Submitted by https://github.com/t3sl45. The text is as follows:
Hello, I'm using the latest OVAL file to scan for CVE-2018-0886 for "CredSSP Remote Code Execution Vulnerability", I've attached the section of the file containing this vulnerability below.
The issue is that Microsoft indicates that credssp.dll is not the file that was updated, the file updated is tspkg.dll. This can be found here (https://support.microsoft.com/en-us/topic/credssp-updates-for-cve-2018-0886-5cbf9e5f-dc6d-744f-9e97-7ba400d6d3ea).
Can this be looked at?
Jan Cooper Sr. Software Engineer - Optimus 31 Tech Valley Drive East Greenbush, NY 12061 Jan.Cooper@cisecurity.org<mailto:Jan.Cooper@cisecurity.org> 518-516-3083
[signature_446125074] https://www.linkedin.com/company/the-center-for-internet-security/ [signature_1797773547] https://twitter.com/CISecurity [signature_2131813201] https://www.facebook.com/CenterforIntSec [signature_1949181898] https://www.youtube.com/user/TheCISecurity [signature_264086150] https://www.instagram.com/cisecurity
This message and attachments may contain confidential information. If it appears that this message was sent to you by mistake, any retention, dissemination, distribution or copying of this message and attachments is strictly prohibited. Please notify the sender immediately and permanently delete the message and any attachments.