MS13-062 Possible False Positive

learningdaily 2015-10-09 20:34:42 UTC #1

IBM, can you investigate whether there is an issue with the relevance in the following Fixlet -

Fixlet: Remote Procedure Call Vulnerability - MS13-062
ID 1829301
Site Vulnerabilities to Windows Systems
Category ACCEPTED
CVE ID CVE-2013-3175
Download Size
Source oval.mitre.org
Source ID OVAL18293
Source Severity High
Source Release Date 3/3/2014

All of my Windows 7 and Win2008R2 systems are reporting as vulnerable to this, yet when I apply the patch downloaded directly from Microsoft it says not applicable on my machines. Is there something wrong in my configuration or are others seeing this as well?

strawgate 2015-10-10 05:17:08 UTC #2

Hello!

While it’s never a bad idea to post things like this on the forum – please note that this is not an official IBM support channel!

If you are looking for assistance fixing a false positive then you’ll want to contact IBM support. That will give you a priority, a case number, and a dedicated IBMer to help you through the issue.

There is a pinned topic: How to ask for IBM product help: PMRs, RFEs, and more that covers how to file a PMR.

jgstew 2015-10-10 07:06:50 UTC #3

Thanks for reporting this issue. It does sound like it could be relevance related.

As @strawgate points out, a PMR is your best option for support from IBM on this issue, but hopefully others will chime in if they see the same thing as well.