Full Report
Microsoft has mistakenly tagged an ongoing Windows Firewall error message bug as fixed in recent updates, stating that they are still working on a resolution. [...]
Analysis Summary
# Vulnerability: Windows Firewall Error Log Misclassification (Not a Security Vulnerability)
## CVE Details
- CVE ID: Not explicitly assigned in the provided text. Classification is based on the described event logging issue.
- CVSS Score: N/A (The issue is misleadingly flagged as potentially critical, but the underlying event is benign.)
- CWE: N/A (Lacks a direct security weakness classification; it is an administrative/logging error.)
## Affected Systems
- Products: Windows Firewall With Advanced Security (part of Windows OS)
- Versions: Unspecified, but affects systems where the described logging behavior occurs.
- Configurations: Whenever the device is restarted.
## Vulnerability Description
Windows Firewall With Advanced Security is generating Event ID 2042 in the Event Viewer with the message: "Config Read Failed" and subtext: 'More data is available'. Microsoft stated that this event occurs every time the device is restarted. Crucially, Microsoft clarified that **this event does not reflect an issue with Windows Firewall itself** and can be disregarded. It is related to an upcoming, not yet fully implemented feature in the operating system. The core issue reported in the article is that Microsoft incorrectly marked this benign logging error as "Resolved" during July Patch Tuesday.
## Exploitation
- Status: Not applicable (This is a misclassified logging artifact, not a security vulnerability exploitable by attackers).
- Complexity: N/A
- Attack Vector: N/A
## Impact
- Confidentiality: No Impact
- Integrity: No Impact
- Availability: No Impact (The logging anomaly itself does not impact system operation or security, though the false positives could add noise to monitoring.)
## Remediation
### Patches
- **Status Update:** A fix for the *misclassification* is planned. Microsoft stated: "A resolution for this issue is planned to be included in an update to be released in the coming weeks." (No specific patch or KB number provided yet.)
### Workarounds
- **Disregard the Event:** Users are advised to disregard Event ID 2042 in Event Viewer for Windows Firewall, as it does not reflect a functional security issue.
## Detection
- Indicators of Compromise: Event ID 2042 in Event Viewer for Windows Firewall With Advanced Security, showing "Config Read Failed" and 'More data is available'.
- Detection Methods and Tools: Event Viewer monitoring tools (e.g., SIEMs configured to scrape Windows Event Logs). Note: While this event is logged, it should be filtered out as noise, not treated as an IOC.
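
One way to filter this event as noise without hiding anything else, shown as an added example that is not from Microsoft or the referenced article: suppression matches only Event ID 2042 from the firewall provider carrying both message strings quoted above, and keeps a per-host count of what was dropped. The record field names (`host`, `provider`, `event_id`, `message`) are an assumed normalized SIEM schema, and the sample records are constructed.

```python
# Added example: narrow suppression of the benign Windows Firewall event.
# Field names are an assumed normalized schema, not a specific SIEM's format.

PROVIDER_SUFFIX = "windows firewall with advanced security"
EVENT_ID = "2042"
# Both strings from the report must be present for an event to be suppressed.
SIGNATURE = ("config read failed", "more data is available")


def is_known_benign(event):
    """Return True only for the exact event the report describes."""
    if str(event.get("event_id")) != EVENT_ID:
        return False
    provider = str(event.get("provider", "")).lower()
    if not provider.endswith(PROVIDER_SUFFIX):
        return False
    message = str(event.get("message", "")).lower()
    return all(part in message for part in SIGNATURE)


def triage(events):
    """Split events into (kept, suppressed_count_per_host)."""
    kept, suppressed = [], {}
    for event in events:
        if is_known_benign(event):
            host = event.get("host", "unknown")
            suppressed[host] = suppressed.get(host, 0) + 1
        else:
            kept.append(event)
    return kept, suppressed


FW = "Microsoft-Windows-Windows Firewall With Advanced Security"
# Constructed sample records, not real log data.
SAMPLE_EVENTS = [
    {"host": "ws01", "provider": FW, "event_id": 2042,
     "message": "Config Read Failed. More data is available."},
    {"host": "ws01", "provider": FW, "event_id": "2042",
     "message": "Config Read Failed. More data is available."},
    # Same ID, different subtext: not the documented benign case, so keep it.
    {"host": "ws02", "provider": FW, "event_id": 2042,
     "message": "Config Read Failed. Access is denied."},
    # Same ID and text from an unrelated (hypothetical) provider: keep it.
    {"host": "ws02", "provider": "ExampleApp", "event_id": 2042,
     "message": "Config Read Failed. More data is available."},
    {"host": "ws03", "provider": FW, "event_id": 2004,
     "message": "A rule has been added to the exception list."},
]
```

Calling `triage(SAMPLE_EVENTS)` returns the events to keep for alerting and a per-host tally of suppressed events, so the volume of filtered noise stays visible.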
## References
- Vendor Advisories: Microsoft Advisory regarding the misclassification update.
- Relevant links:
  - hxxps://www.bleepingcomputer.com/news/microsoft/microsoft-mistakenly-tags-windows-firewall-error-log-bug-as-fixed/