Fetch_file_version returns FALSE for Ntoskrnl.exe

Hello,

I tested 2 vulnerable Windows 7 machines, and “2019/microsoft/gb_ms_kb4486563.nasl” is supposed to report vulnerabilities, but it didn’t. Then I added “log_message” after the “fetch_file_version” call and saw that “fetch_file_version” returns FALSE. I checked the machines and they both have “ntoskrnl.exe” under “system32”. And both are vulnerable. Then I changed “file_name” to “Msi.dll” and it returned the version of it.
Is there a problem with fetching “Ntoskrnl.exe”?

OID: 1.3.6.1.4.1.25623.1.0.814686

Thanks.

This KB4486563 (Monthly Rollup) is a rollup packet, so please keep in mind that the check might check for the packet and not individual files.


I checked and KB4486563 is not installed.

Hi, I tested the mentioned VT against a Win7 target.
lib misc-Message: 09:28:53.015: set key SMB//fetch_file_version//c:\windows\system32//ntoskrnl.exe -> 6.1.7601.17514
lib nasl-Message: 09:28:53.016: Version: 6.1.7601.17514
Vulnerable range: Less than 6.1.7601.24354
File checked: C:\Windows\system32\Ntoskrnl.exe
File version: 6.1.7601.17514

The “lib nasl-Message” is the output from display("Version: " +fileVer); which I put in for testing.

If you have already checked the prerequisites as described in “Hint: Verify target configuration / access for authenticated (LSC) scans”,
you could test those VTs on the console as described here: “Understanding testing of nasl scripts”


Hi, actually I didn’t test KB4486563 individually, I always scanned the system with correct credentials. And other VTs which check other files (other than Ntoskrnl.exe) work fine. I scanned two machines a few times and the result was always the same.