I have the problem that the OS End of Life chech is not showing up in the reports.
I scanned Win2k8 und Win7 clients with “Full and Fast” and there are multiple vulnerabilites, but OS end of Life does not show up.
I checked the “Full and Fast” Scan config and 220.127.116.11.4.1.25618.104.22.168674 is part of it.
Any advice would be welcome.
The End of Life Detection of a Operating System heavily depends on the detail grade the OS was detected during the scan.
As an example the extended support of Windows 7 with an installed SP1 ends in January 2020 so a Windows 7 can’t be reported generally as End Of Life because it isn’t if SP1 installed.
If it was not possible to detect if a SP is installed on the target no EOL message will be reported.
Have a look at the output of the following two VTs how and in which detail the OS was detected:
OS Detection Consolidation and Reporting (OID: 22.214.171.124.4.1.256126.96.36.199937)
Unknown OS and Service Banner Reporting (OID: 188.8.131.52.4.1.256184.108.40.206441)
You also might want to consider to configure Authenticated Scans against your Windows.
thanks for the info!
The scan revealed this in 220.127.116.11.4.1.25618.104.22.168937 :
OS: Windows Server 2003 3790 Service Pack 2
Found by NVT: 22.214.171.124.4.1.256126.96.36.199011 (SMB NativeLanMan)
Concluded from SMB/Samba banner on port 445/tcp: OS String: Windows Server 2003 3790 Service Pack 2; SMB String: Windows Server 2003 5.2
Setting key “Host/runs_windows” based on this information
when I understand the logic correctly, the script does use os_eol.inc to determine the EOL. But in that include file is no “cpe:/o:microsoft:windows_server_2003:-:sp2” only an “cpe:/o:microsoft:windows_server_2003::sp2” (the hiven is missing). Thats why the EOL warning is not triggered?
Nice catch, it seems there where indeed some inconsistencies through the whole feed on how the Windows CPEs where used / built (probably due to historical reasons because even in the NVD, specifically for Windows Server 2003 the CPEs are a little bit mixed up).
All VTs setting/registering an OS as well as the os_eol.inc have been updated today to use one single / consistent syntax. The changes should be available with one of the next feed updates and at least the Server 2003 as shown above should be detected as EOL again.
ok, OS EOL detection is now working as intended. Thanks for the quick fix.