Identifying Vulnerabilities Caused by Out-of-Date VDS Database
- 15 Dec 2023
- 1 Minute to read
- Print
Identifying Vulnerabilities Caused by Out-of-Date VDS Database
- Updated on 15 Dec 2023
- 1 Minute to read
- Print
Article summary
Did you find this summary helpful?
Thank you for your feedback
Summary
This article provides instructions on identifying whether the displayed vulnerabilities in ElementOne is caused by an Out-of-Date VDS database.
Details
If a specific Windows update or a newer Windows update has been installed, but the vulnerability still appears in ElementOne, follow these steps to determine whether or not the issue is caused by an out-of-date VDS database.
Here is a quick reference table of ElementOne and its VDS database version:
| ElementOne Version | VDS Database Release Date |
|---|---|
| 1.5.0 | 2023-11-25 |
| 1.4.0 | 2023-10-23 |
| 1.3.0 | 2023-08-21 |
| 1.2.1 and above | 2023-05-23 |
- Find Windows Update which can fix the vulnerability on ElementOne.
In this sample, the Windows Update is KB5029244, and the ElementOne version is 1.3.0.
- Search for the specific Windows Update on Microsoft Support. You can see that Windows update KB5029244 was released on Aug 08, 2023.
- Map windows patches between the patches above KB5029244 on Windows Support page and the update history on Windows.
In Windows update history, you can see that KB5029244 was installed on 2023-08-10, and the newer KB5031356 was installed on 2023-10-11.
Browsing the Update Info of the asset on ElementOne, you can only find that KB5031356 was installed.
When Windows releases new security updates, they typically include updates from previous security patches. To verify this information, you can search for Windows update details on the Microsoft Update Catalog.
When you install a newer Windows security update, the system removes the previous security update and installs the newer one. This is why KB5029244 is not listed in the current Update Info for the asset in ElementOne.
The Windows update KB5031356 was released on 2023-10-10, while the VDS database date in ElementOne 1.3.0 is 2023-08-21. Consequently, ElementOne cannot recognize the Windows update or the vulnerabilities fixed by KB5031356.
In the VDS database with a date of 2023-08-21, the latest security patch for fixing these vulnerabilities is KB5029244. However, since the asset has since installed the newer security update, Windows has removed KB5029244. As a result, you will see the vulnerabilities appear on ElementOne.
Solution
Since the VDS database only supports upgrades with ElementOne, to keep the VDS database up to date, it is necessary to upgrade ElementOne to the latest version.
For further assistance, please contact us at support@txone.com or your support provider.
Was this article helpful?