Hey all, Running into a Vulnerability management issue, I wanted to check with the community. Tenable is flagging several endpoints mentioning the remote host is missing the KB articles for month July 2025, specifically checking the C:\Windows\System32\ntoskrnl.exe binary. On one of the machines: • Nessus check: ◦ Should be: 10.0.22621.5624 ◦ Found: 10.0.22621.3880

•   Windows Update: shows fully patched, no pending updates.
•   Get-HotFix reports the latest CU installed.

So Windows says it’s fully up to date, but the kernel binary version is still old, and Nessus/Tenable is flagging the host as vulnerable. I’ve seen similar with other binaries (like rasapi32.dll).

Anyone else run into this mismatch issues ? And any recommendations ?