diff --git a/lib/msf/core/exploit/remote/ms_icpr.rb b/lib/msf/core/exploit/remote/ms_icpr.rb
index f0f1ff144a28..a4d2f82be43b 100644
--- a/lib/msf/core/exploit/remote/ms_icpr.rb
+++ b/lib/msf/core/exploit/remote/ms_icpr.rb
@@ -196,12 +196,13 @@ def do_request_cert(icpr, opts)
 
     return unless response[:certificate]
 
-    if (policy_oids = get_cert_policy_oids(response[:certificate])).empty?
-      if application_policies.present?
-        print_error('Certificate application policy OIDs were submitted, but none were found in the response. This indicates the target has received the patch for ESC15 (CVE-2024-49019)')
-        return
-      end
-    else
+    policy_oids = get_cert_policy_oids(response[:certificate])
+    if application_policies.present? && !(application_policies - policy_oids.map(&:value)).empty?
+      print_error('Certificate application policy OIDs were submitted, but some are missing in the response. This indicates the target has received the patch for ESC15 (CVE-2024-49019).')
+      return
+    end
+
+    if policy_oids
       print_status('Certificate Policies:')
       policy_oids.each do |oid|
         print_status("  * #{oid.value}" + (oid.label.present? ? " (#{oid.label})" : ''))