Missing Windows version in "OS End Of Life Detection"

Hi all. I wonder why there are windows versions not in os_eol.inc like windows 7 sp1, windows server 2008, 2012, 2016. Is this intentional or just a mistake? Because I know windows 7 sp1 and 2008 are EOL.

https://support.microsoft.com/en-us/lifecycle/search?alpha=Windows%207
https://support.microsoft.com/en-us/lifecycle/search?alpha=Windows%202008

Hi,

thanks for bringing this to our attention. There are indeed quite a few missing entries which we are definitely going to add. However when it comes to Windows 7 and Windows Server 2008, these are covered by Microsoft’s extended support. We have yet to find a way to distinguish ESU systems from their regular, unsupported counterparts, otherwise this will lead to quite a lot false-positives.

Regards

5 Likes

As a follow up because the same question was asked today in https://community.greenbone.net/t/windows-2008-server-eol-detection/8843:

There is the following VT since quite some time:

Name: Microsoft Windows 7 / Server 2008 End Of Life Detection
OID: 1.3.6.1.4.1.25623.1.0.108956
Family: General

This VT is reporting a vulnerability but with a “remote_banner_unreliable” QoD (you can lower the QoD in your report to see the result) to avoid false positives because currently no detection of ESU enabled system is implemented.

1 Like