Are vulnerability scanners aware of 0patch, or do they keep reporting vulnerabilities that are micropatched?

Mitja Kolsek -

Unfortunately, vulnerability scanners are oblivious to 0patch. They infer the presence of vulnerabilities from versions reported by the endpoint or from the official patches/updates applied, and 0patch affects none of these. Only an actual vulnerability test will show that 0patch fixed the vulnerability. For instance, you can use Secura's Zerologon test to see that 0patch removed the Zerologon vulnerability. We test each and every micropatch we issue with such a test.

We're working on designing a report that would allow users to augment security scanners' results with data from 0patch, but we're hoping that some day security scanners will be 0patch-aware and will use our API to provide correct vulnerability information in the presence of 0patch.
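Until such a report exists, a team can reconcile the two data sets itself. The following is an added example, not 0patch's report or API: the CSV layouts, column names, host names and the placeholder CVE id are all constructed assumptions. It re-labels only findings that were inferred from version or patch level, and keeps any finding confirmed by an actual test open.

```python
import csv
import io

# Constructed scanner export. "basis" records how the finding was detected:
# version/patch inference cannot see a micropatch, an active test can.
SCANNER_CSV = """host,cve,basis
dc01,CVE-EXAMPLE-0001,version
dc02,CVE-EXAMPLE-0001,version
dc03,CVE-EXAMPLE-0001,active_test
"""

# Constructed micropatch inventory (hypothetical layout, not a 0patch export).
MICROPATCH_CSV = """host,cve,state
dc01,CVE-EXAMPLE-0001,applied
dc02,CVE-EXAMPLE-0001,disabled
dc03,CVE-EXAMPLE-0001,applied
"""


def load(text):
    """Parse CSV text into a list of row dictionaries."""
    return list(csv.DictReader(io.StringIO(text)))


def reconcile(findings, inventory):
    """Annotate each scanner finding with a triage status."""
    applied = {(r["host"], r["cve"]) for r in inventory if r["state"] == "applied"}
    out = []
    for f in findings:
        if (f["host"], f["cve"]) not in applied:
            status = "open"                  # no active micropatch on this host
        elif f["basis"] == "active_test":
            status = "open-conflict"         # a real test still saw the flaw
        else:
            status = "micropatched-verify"   # version-only hit; confirm by test
        out.append({**f, "status": status})
    return out


def summary():
    rows = reconcile(load(SCANNER_CSV), load(MICROPATCH_CSV))
    return {r["host"]: r["status"] for r in rows}


if __name__ == "__main__":
    for host, status in summary().items():
        print(host, status)
```

The "micropatched-verify" status is a prompt to run a functional test, not a closure: the scanner data alone cannot confirm the fix.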
