Hi all. I wonder why there are Windows versions not in os_eol.inc, like Windows 7 SP1 and Windows Server 2008, 2012, 2016. Is this intentional or just a mistake? Because I know Windows 7 SP1 and 2008 are EOL.
Thanks for bringing this to our attention. There are indeed quite a few missing entries which we are definitely going to add. However, when it comes to Windows 7 and Windows Server 2008, these are covered by Microsoft’s extended support. We have yet to find a way to distinguish ESU systems from their regular, unsupported counterparts, otherwise this will lead to quite a lot of false positives.
As a follow-up, because the same question was asked today in https://community.greenbone.net/t/windows-2008-server-eol-detection/8843:
There has been the following VT for quite some time:
Name: Microsoft Windows 7 / Server 2008 End Of Life Detection
This VT is reporting a vulnerability but with a “remote_banner_unreliable” QoD (you can lower the QoD in your report to see the result) to avoid false positives, because currently no detection of ESU-enabled systems is implemented.