CVE-2022-37967 fix issue

Dear community members, please provide me guidance for solving this issue: CVE-2022-37967 was listed in the February Amazon Inspector report for my AWS service. Our IT department followed the instructions and applied the measures recommended in the report for fixing the issue. After running the Amazon Inspector report again, CVE-2022-37967 is still shown as not resolved. How can I determine whether it is a false positive Amazon Inspector is reporting? Is there any configuration in Amazon Inspector I can check or tune in order to determine the root cause of why this CVE is reported as not resolved after applying the fix recommendations?

Thanks in advance!

Mario Montoya

Asked 10 months ago, viewed 318 times
2 answers

CVE-2022-37967 is a Windows Kerberos Elevation of Privilege Vulnerability that is mitigated by patches detailed in the following documentation: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37967. You need to ensure that the patch described in the CVE has been deployed to your Windows operating system instances.

One possible solution to consider:

You can use AWS Systems Manager Patch Manager to automate the process of patching nodes managed by Systems Manager using the SSM Agent. The following blog post describes a solution that first identifies vulnerabilities using Inspector, then automatically patches vulnerable instances using AWS Systems Manager Patch Manager.

https://aws.amazon.com/blogs/mt/automate-vulnerability-management-and-remediation-in-aws-using-amazon-inspector-and-aws-systems-manager-part-1/

AWS
Answered 10 months ago
  • Hi Bert! Thank you very much for your quick reply. Our IT department has already performed the patching per the instructions you shared in your answer. However, after applying the patch, the CVE keeps being reported by Amazon Inspector as unresolved. I wonder if it is possible that Amazon Inspector is just reporting a false positive? If it is not a false positive, is there any configuration of Amazon Inspector I can check, in order to find out why the CVE is still reported as unresolved after the patch was applied?

    Thanks again! Mario Montoya

Findings in Amazon Inspector appear in various views based on their state: active, suppressed, or closed. Amazon Inspector automatically sets a finding's status to closed when it detects that the finding is remediated. If you still see a finding for CVE-2022-37967, you should confirm Inspector coverage for the EC2 instance.

Assessing Amazon Inspector coverage of your AWS environment

You can also use the Account Management page in the Inspector console to perform in-depth analysis of Amazon Inspector coverage for individual resources and drill down to review findings for the specific resource.

https://docs.aws.amazon.com/inspector/latest/user/assessing-coverage.html#viewing-coverage-instances

AWS
Answered 10 months ago
  • Thank you very much again, Bert! I have shared your suggestions with our IT department in order to verify the coverage for our EC2 instance, as well as for individual resources.

    Kind regards!

    Mario
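The second answer's advice, checking Inspector coverage of the instance before treating a lingering finding as a false positive, can be turned into a small triage routine. The following is an added example, not code from this thread or from AWS. It assumes the `inspector2` `ListCoverage` response shape (`coveredResources[]` with `scanStatus.statusCode`, `scanStatus.reason` and `lastScannedAt`), uses a hypothetical instance ID, and runs entirely on constructed sample responses; the live `fetch_coverage` helper needs boto3 and credentials and is not called in the offline demo. The interpretation attached to each scan-status reason is this example's own.

```python
"""Triage an Amazon Inspector finding (here CVE-2022-37967) that stays
ACTIVE after the host was patched.

Added example, not code from the original thread or from AWS. The logic:
no coverage or an INACTIVE scan status means Inspector cannot see the
patch; an ACTIVE status whose last scan predates the patch means the
finding is stale; an ACTIVE status scanned after the patch means the host
itself should be checked before calling the finding a false positive.
"""
from datetime import datetime, timezone

CVE = "CVE-2022-37967"

# Hints for Inspector scanStatus.reason codes (assumption: these are the
# documented reason values; the hint text is this example's interpretation).
REASON_HINTS = {
    "UNMANAGED_EC2_INSTANCE": "not an SSM managed node; check SSM Agent and the instance role",
    "NO_INVENTORY": "SSM Inventory has reported no package data yet",
    "STALE_INVENTORY": "SSM Inventory is out of date; Inspector judges from pre-patch data",
    "PENDING_INITIAL_SCAN": "first scan has not run yet",
    "UNSUPPORTED_OS": "operating system not supported for Inspector scanning",
}


def coverage_filter(instance_id):
    """filterCriteria for inspector2 ListCoverage scoped to one EC2 instance."""
    return {"resourceId": [{"comparison": "EQUALS", "value": instance_id}]}


def finding_filter(instance_id, cve=CVE):
    """filterCriteria for inspector2 ListFindings: one CVE, one instance, ACTIVE only."""
    return {
        "resourceId": [{"comparison": "EQUALS", "value": instance_id}],
        "vulnerabilityId": [{"comparison": "EQUALS", "value": cve}],
        "findingStatus": [{"comparison": "EQUALS", "value": "ACTIVE"}],
    }


def fetch_coverage(instance_id, region=None):
    """Live call (needs credentials); not executed in the offline demo."""
    import boto3  # imported lazily so the module imports without boto3

    client = boto3.client("inspector2", region_name=region)
    return client.list_coverage(filterCriteria=coverage_filter(instance_id))


def diagnose(coverage_response, patched_at, finding_still_active=True):
    """Return (verdict, detail) for one instance's ListCoverage response.

    patched_at is a tz-aware datetime of when the Windows update was installed.
    """
    resources = coverage_response.get("coveredResources", [])
    if not resources:
        return ("NOT_COVERED", "instance absent from Inspector coverage; enable EC2 scanning")
    res = resources[0]
    status = res.get("scanStatus", {})
    code = status.get("statusCode")
    reason = status.get("reason", "")
    if code != "ACTIVE":
        hint = REASON_HINTS.get(reason, "see scanStatus.reason in the coverage response")
        return ("COVERAGE_GAP", f"scan status {code} ({reason}): {hint}")
    last = res.get("lastScannedAt")
    if last is None or last < patched_at:
        return ("STALE", "last scan predates the patch; refresh SSM Inventory and wait for a rescan")
    if finding_still_active:
        return ("RESCANNED_STILL_ACTIVE",
                "rescanned after patching and still reported; verify on the host that the update is installed")
    return ("RESOLVED", "finding should be CLOSED automatically")


# Constructed sample data (hypothetical instance ID and timestamps).
INSTANCE = "i-0123456789abcdef0"
PATCHED_AT = datetime(2023, 2, 15, 10, 0, tzinfo=timezone.utc)


def _sample(status_code, reason, last_scanned):
    res = {"resourceId": INSTANCE, "resourceType": "AWS_EC2_INSTANCE", "scanType": "PACKAGE",
           "scanStatus": {"statusCode": status_code, "reason": reason}}
    if last_scanned is not None:
        res["lastScannedAt"] = last_scanned
    return {"coveredResources": [res]}


SAMPLE_UNMANAGED = _sample("INACTIVE", "UNMANAGED_EC2_INSTANCE", None)
SAMPLE_STALE = _sample("ACTIVE", "SUCCESSFUL", datetime(2023, 2, 10, 8, 0, tzinfo=timezone.utc))
SAMPLE_FRESH = _sample("ACTIVE", "SUCCESSFUL", datetime(2023, 2, 16, 8, 0, tzinfo=timezone.utc))

if __name__ == "__main__":
    for name, sample in [("unmanaged", SAMPLE_UNMANAGED), ("stale", SAMPLE_STALE), ("fresh", SAMPLE_FRESH)]:
        verdict, detail = diagnose(sample, PATCHED_AT)
        print(f"{name}: {verdict}: {detail}")
```

The same filter can be passed on the command line as `aws inspector2 list-coverage --filter-criteria '<json>'` and `aws inspector2 list-findings --filter-criteria '<json>'`; the point of the routine is the order of checks: only when the instance is covered and was rescanned after the patch does a still-ACTIVE finding say anything about whether the update really landed on the host.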
