We have deployed a new windows 2012 r2 DC. We have done a complete patch cycle using windows update and now have done a complete scan and remediation using GFI Langurard and all is clean. Just to confirm our results we then run a full Nessus scan against the new DC and Nessus comes back with vulnerabilities, most notable is a critical finding missing KB4025336.
When i try to download the KB and install using Windows catalog service I receive this update is not applicable to your computer and GFI, Microsoft Security Baseliner and windows update does not record it missing. Looking at the windows updates it is not listed as installed, so I am not sure if it is superseded, but if so thought Nessus would not see the patch as missing?
We have security audits in the industry we are in and the auditor uses Nessus, so we can't ignore the findings from the Nessus scan.