CVE-2022-37967 fix issue

0

Dear community members, please provide me guidance for solving this issue: CVE-2022-37967 was listed in the February Amazon Inspector report for my AWS service. Our IT department followed the instructions and applied the measures recommended in the report for fixing the issue. After running the Amazon Inspector report again, CVE-2022-37967 is still shown as not resolved. How can I determine whether it is a false positive that Amazon Inspector is reporting? Is there any configuration in Amazon Inspector I can check or tune in order to determine the root cause of why this CVE is reported as not resolved after applying the fix recommendations?

Thanks in advance!

Mario Montoya

asked 10 months ago, 304 views
2 Answers
0

CVE-2022-37967 is a Windows Kerberos Elevation of Privilege Vulnerability that is mitigated by patches detailed in the following documentation: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37967. You need to ensure that the patch described in the CVE has been deployed to your Windows operating system instances.

One possible solution to consider:

You can use AWS Systems Manager Patch Manager to automate the process of patching nodes managed by Systems Manager using the SSM agent. The following blog post describes a solution that first identifies vulnerabilities using Inspector, then automatically patches vulnerable instances using AWS Systems Manager Patch Manager.

https://aws.amazon.com/blogs/mt/automate-vulnerability-management-and-remediation-in-aws-using-amazon-inspector-and-aws-systems-manager-part-1/

AWS
answered 10 months ago
  • Hi Bert! Thank you very much for your quick reply. Our IT department has already performed the patching per the instructions you shared in your answer. However, after applying the patch, the CVE keeps being reported by Amazon Inspector as unresolved. I wonder if it is possible that Amazon Inspector is just reporting a false positive? If it is not a false positive, is there any configuration of Amazon Inspector I can check, in order to find out why the CVE is still reported as unresolved after the patch was applied?

    Thanks again! Mario Montoya

0

Findings in Amazon Inspector appear in various views based on their state: active, suppressed, or closed. Amazon Inspector automatically sets a finding's status to closed when it detects that the finding is remediated. If you still see a finding for CVE-2022-37967, you should confirm Inspector coverage for the EC2 instance.

Assessing Amazon Inspector coverage of your AWS environment

You can also use the Account Management page in the Inspector console to perform in-depth analysis of Amazon Inspector coverage for individual resources and drill down to review findings for the specific resource.

https://docs.aws.amazon.com/inspector/latest/user/assessing-coverage.html#viewing-coverage-instances

AWS
answered 10 months ago
  • Thank you very much again Bert! I have shared your suggestions with our IT department in order to verify the coverage for our EC2 instance, as well as for individual resources.

    Kind regards!

    Mario
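The coverage check from the answer above can be scripted rather than clicked through in the console. The following is an added example, not code from the thread or from AWS: it builds the `filterCriteria` for the `inspector2` `list_coverage` and `list_findings` calls and reduces their responses to a single verdict, checking coverage before finding state because Inspector only closes a finding after it re-scans the instance. The response field names (`coveredResources`, `scanStatus`, `packageVulnerabilityDetails`) follow the boto3 `inspector2` API as I know it, the instance id and package name are constructed placeholders, and `check_live` is the only function that needs boto3 and AWS credentials.

```python
# Added example: why does an Inspector finding for one CVE stay ACTIVE on one instance?
CVE_ID = "CVE-2022-37967"

def finding_filter(instance_id: str, cve: str = CVE_ID) -> dict:
    """filterCriteria for inspector2.list_findings: one CVE on one EC2 instance, any status."""
    return {"resourceId": [{"comparison": "EQUALS", "value": instance_id}],
            "vulnerabilityId": [{"comparison": "EQUALS", "value": cve}]}

def coverage_filter(instance_id: str) -> dict:
    """filterCriteria for inspector2.list_coverage restricted to that EC2 instance."""
    return {"resourceId": [{"comparison": "EQUALS", "value": instance_id}],
            "resourceType": [{"comparison": "EQUALS", "value": "AWS_EC2_INSTANCE"}]}

def diagnose(coverage: dict, findings: dict) -> str:
    """Reduce raw list_coverage / list_findings responses to one verdict.
    Coverage is checked first: Inspector only closes a finding once it re-scans the
    instance, and it cannot re-scan an instance it is not actively covering."""
    covered = coverage.get("coveredResources", [])
    if not covered:
        return "NOT_COVERED: instance absent from Inspector coverage (SSM agent / activation?)"
    scan = covered[0].get("scanStatus", {})
    if scan.get("statusCode") != "ACTIVE":
        return f"SCAN_INACTIVE: {scan.get('reason', 'unknown')}; finding cannot be re-evaluated"
    active = [f for f in findings.get("findings", []) if f.get("status") == "ACTIVE"]
    if not active:
        return "RESOLVED: no ACTIVE finding for the CVE on this instance"
    pkgs = sorted({p.get("name", "?") for f in active
                   for p in f.get("packageVulnerabilityDetails", {}).get("vulnerablePackages", [])})
    return f"STILL_ACTIVE: Inspector still sees vulnerable package(s) {pkgs}"

def check_live(instance_id: str, region: str) -> str:
    """Same diagnosis against a real account (needs boto3 and inspector2 read permissions)."""
    import boto3  # imported lazily so the rest of the file runs without boto3 installed
    client = boto3.client("inspector2", region_name=region)
    coverage = client.list_coverage(filterCriteria=coverage_filter(instance_id))
    findings = client.list_findings(filterCriteria=finding_filter(instance_id))
    return diagnose(coverage, findings)

# Constructed sample responses (not real account data): instance is covered and scanned,
# but the scan has not yet observed the patch, so the finding is still ACTIVE.
SAMPLE_COVERAGE = {"coveredResources": [{"resourceId": "i-0123456789abcdef0",
                   "scanStatus": {"statusCode": "ACTIVE", "reason": "SUCCESSFUL"}}]}
SAMPLE_FINDINGS = {"findings": [{"status": "ACTIVE", "packageVulnerabilityDetails": {
    "vulnerabilityId": CVE_ID, "vulnerablePackages": [{"name": "example-package"}]}}]}

if __name__ == "__main__":
    print(diagnose(SAMPLE_COVERAGE, SAMPLE_FINDINGS))
```

A `STILL_ACTIVE` verdict with the scan status `ACTIVE` means the instance is covered and was scanned after the patch window, which is the case to raise with AWS Support rather than a coverage gap.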
