This is regarding Windows OVAL Definition for CVE-2021-41338 - Windows AppContainer Firewall Rules Security Feature Bypass Vulnerability.
Microsoft indicates that this firewallAPI.dll has two binary versions depending on the location, System32 or WoW64. The issue is that OVAL checks only the version number regardless of its location.
For example:
Microsoft indicates that Windows Server 2016 is vulnerable if:
The firewallapi.dll version in the “%WinDir%\System32” directory is less than 10.0.14393.4169.
OR
The firewallapi.dll version in the “%WinDir%\sysWoW64” directory is less than 10.0.14393.4704.
However, Windows OVAL Definition simply indicates that Windows Server 2016 is vulnerable if the firewallAPI.dll version is less than 10.0.14393.4704. Therefore, it marks a server running Windows Server 2016 as vulnerable to this CVE-2021-41338 because the firewallapi.dll version in the “%WinDir%\System32” directory is less than 10.0.14393.4704.
I’ve attached the section of the Windows OVAL Definition containing this vulnerability for your reference.
Can someone please provide me with a way to remediate this?
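The mismatch described in this issue, as an added example that is not part of the original post or the OVAL repository: a single-threshold check and a per-directory check are run over the same file inventory. The two thresholds are the Windows Server 2016 values quoted above; the host inventories and all function names are constructed for illustration.

```python
# Added illustration, not code from the OVAL repository.
# Thresholds: the Windows Server 2016 values quoted in the issue.
THRESHOLDS = {
    r"%windir%\system32": "10.0.14393.4169",
    r"%windir%\syswow64": "10.0.14393.4704",
}
# Per the issue, the definition compares every copy against this one value.
SINGLE_THRESHOLD = "10.0.14393.4704"

# Constructed sample inventories: directory -> firewallapi.dll file version.
PATCHED = {
    r"%WinDir%\System32": "10.0.14393.4169",
    r"%WinDir%\sysWoW64": "10.0.14393.4704",
}
UNPATCHED = {
    r"%WinDir%\System32": "10.0.14393.3986",
    r"%WinDir%\sysWoW64": "10.0.14393.4583",
}


def parse_version(text):
    """Convert 'a.b.c.d' to a tuple of ints so the comparison is numeric."""
    parts = tuple(int(p) for p in text.strip().split("."))
    if len(parts) != 4:
        raise ValueError(f"expected four version components: {text!r}")
    return parts


def path_agnostic_check(files):
    """Flag the host if any copy, in any directory, is below the single value."""
    limit = parse_version(SINGLE_THRESHOLD)
    return any(parse_version(v) < limit for v in files.values())


def path_aware_check(files):
    """Return the directories whose copy is below that directory's own value."""
    findings = []
    for directory, version in files.items():
        key = directory.lower().rstrip("\\")
        if key not in THRESHOLDS:
            raise KeyError(f"no threshold defined for {directory!r}")
        if parse_version(version) < parse_version(THRESHOLDS[key]):
            findings.append(directory)
    return findings


if __name__ == "__main__":
    for name, host in (("patched", PATCHED), ("unpatched", UNPATCHED)):
        print(name, path_agnostic_check(host), path_aware_check(host))
```

On the patched inventory the single-threshold check still reports the host as vulnerable, because the System32 copy at 10.0.14393.4169 is below 10.0.14393.4704, while the per-directory check returns no findings.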
l4s09 changed the title from "Windows OVAL Definition for CVE-2012-41338 False Positive Issue" to "Windows OVAL Definition for CVE-2021-41338 False Positive Issue" on Oct 7, 2022
Hi @l4s09,
The OVAL repo is updated predominantly through cooperation within the OVAL Community, and CIS relies on contributors with appropriate expertise to manage vulnerabilities such as CVE-2021-41338. The repo's main Windows Vulnerability contributor has not had the opportunity to make updates recently, but my understanding is they do intend to resume making submissions. Unfortunately, I am unsure of the timeframe in which that can happen.
Please see the Contributing README, if you would like to contribute yourself. Another option is to submit your concerns to the OVAL Repository Mailing List. It is possible someone on that list can provide the necessary updates.