![]() 15.2) determine the primary software we are versioning, or the product year in this case (2016 vs. Notice that the first two digits (15.1 vs. Microsoft typically uses 4 digits to determine the software’s patch level. In order to detect if a service has received a security patch or not, an external actor first needs to look up the build number in the patch itself. However, external actors can only detect the software build number, not the cumulative update number specific to each update. Īs part of their commitment to security, Microsoft regularly releases cumulative updates for their software to address security vulnerabilities. With the recent disclosure of a chain of vulnerabilities in Microsoft’s Exchange Server resulting in unauthenticated remote code execution, this blog details how an external adversary or local sysadmin can determine if a Windows server has been patched by a specific Microsoft cumulative update, such as those released earlier today.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |