Unauthenticated check for Zerologon available Tenable has...

5 years ago

I am having success in Security Center using the "Quick Credential Debug" scan and adding plugin 140657 to the policy of that scan.

The plugin first appeared to be very accurate, only firing on unpatched assets. After the windows patch was applied I noticed remediation could only happen if I ran the "remediation scan" from they analysis tool. This was cumbersome but sufficient to track the patch status.

Now that we are down to only a few assets, I can run the QCD + 140657 to detect the vuln. I then use the "remediation scan" in the analysis tool and each of the detected vulns is remediated.

The problem I have now is for these last assets, 140657 fires every night and the next day I can "remediate" the vulns with a "remediation scan". This has happened every night this week.

1) Why are the plugins firing every night and then can also be remediated every day with a "remediation scan"?

2) Why is remediation for 140657 only detected when using a "remediation scan" and not during the "QCD + 140657" scan?

Forum Discussion

Unauthenticated check for Zerologon available Tenable has...

Recent Discussions

Microsoft’s September 2025 Patch Tuesday Addresses 80 CVEs (CVE-2025-55234)

Frequently Asked Questions About Chinese State-Sponsored Actors Compromising Global Networks

CVE-2025-7775: Citrix NetScaler ADC and Gateway Zero-Day RCE Vulnerability Exploited in the Wild

CVE-2025-25256: Proof of Concept Released for Fortinet FortiSIEM Command Injection Vulnerability

Microsoft’s August 2025 Patch Tuesday Addresses 107 CVEs (CVE-2025-53779)

Americas

Europe

Asia / Australia