A scanner reports a critical vulnerability on an internal Linux server. The administrator verifies the package is installed, but the vulnerable code path is only present in a plugin that has been disabled and removed from the service startup. The server cannot be patched until a vendor maintenance window next month. What is the best next step?
Trap 1: Ignore the finding because the scanner is clearly wrong
The package is present, so the finding should not be dismissed without documentation, validation, and risk review.
Trap 2: Reinstall the disabled plugin so the scanner output matches the…
Reinstalling the plugin would increase exposure instead of reducing risk, even if it made the scan output appear to match the running configuration.
Trap 3: Expose the server to the internet for faster monitoring and patch…
Placing the server on the internet would significantly increase risk and is not a valid remediation strategy.
- A
Ignore the finding because the scanner is clearly wrong
Why wrong: The package is present, so the finding should not be dismissed without documentation, validation, and risk review.
- B
Create a time-limited exception and apply compensating controls until patching is possible
A temporary exception with compensating controls balances business constraints and security while the team schedules a proper fix.
- C
Reinstall the disabled plugin so the scanner output matches the running configuration
Why wrong: Reinstalling the plugin would increase exposure instead of reducing risk, even if it made the scan output appear to match the running configuration.
- D
Expose the server to the internet for faster monitoring and patch testing
Why wrong: Placing the server on the internet would significantly increase risk and is not a valid remediation strategy.