OVAL - oval:org.mitre.oval:def:6421
This vulnerability is showing 32bit workstations as failing this and 64bit workstations as passing. They both have the same registry entries that this vulnerability is checking for. They should either both pass or fail, but the 64bit passes. We are seeing these same results across the board on 64bit and 32bit workstations.
Why is this happening and what is the best way to create a report to filter this specific item so that it isn't showing all 32bit workstations as failing?
0 Comments
[ + ] Show comments
Answers (1)
Please log in to answer
Posted by:
EdT
10 years ago
Forgive me but your question makes little sense to me as I am unfamiliar with the tool you are using. However, assuming the vulnerability check is being made on the registry, it has to be done by a 32 bit tool if targeting both 32 bit and 64 bit workstations with the same utility, as 64 bit tools will not run on 32 bit O/S.
On the 64 bit O/S the 32 bit tool will look in the: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\.....
part of the registry, if the check is within HKLM.
If the 64 bit O/S has the key in HKEY_LOCAL_MACHINE\SOFTWARE\..... then the 32 bit app won't be able to access it.
If you want to filter on 32/64 bit operating systems. you can do this with a bit of vbscript if that is appropriate to your needs.
