OS End of Life detection NVT 1.3.6.1.4.1.25623.1.0.103674 not showing up in reports


#1

hello,

I have the problem that the OS End of Life chech is not showing up in the reports.

I scanned Win2k8 und Win7 clients with “Full and Fast” and there are multiple vulnerabilites, but OS end of Life does not show up.

I checked the “Full and Fast” Scan config and 1.3.6.1.4.1.25623.1.0.103674 is part of it.

Any advice would be welcome.

Best regards

Volker


#2

The End of Life Detection of a Operating System heavily depends on the detail grade the OS was detected during the scan.

As an example the extended support of Windows 7 with an installed SP1 ends in January 2020 so a Windows 7 can’t be reported generally as End Of Life because it isn’t if SP1 installed.

If it was not possible to detect if a SP is installed on the target no EOL message will be reported.

Have a look at the output of the following two VTs how and in which detail the OS was detected:

OS Detection Consolidation and Reporting (OID: 1.3.6.1.4.1.25623.1.0.105937)
Unknown OS and Service Banner Reporting (OID: 1.3.6.1.4.1.25623.1.0.108441)

You also might want to consider to configure Authenticated Scans against your Windows.


#3

Hi cfi,

thanks for the info!

The scan revealed this in 1.3.6.1.4.1.25623.1.0.105937 :

OS: Windows Server 2003 3790 Service Pack 2
CPE: cpe:/o:microsoft:windows_server_2003:-:sp2
Found by NVT: 1.3.6.1.4.1.25623.1.0.102011 (SMB NativeLanMan)
Concluded from SMB/Samba banner on port 445/tcp: OS String: Windows Server 2003 3790 Service Pack 2; SMB String: Windows Server 2003 5.2
Setting key “Host/runs_windows” based on this information

when I understand the logic correctly, the script does use os_eol.inc to determine the EOL. But in that include file is no “cpe:/o:microsoft:windows_server_2003:-:sp2” only an “cpe:/o:microsoft:windows_server_2003::sp2” (the hiven is missing). Thats why the EOL warning is not triggered?

Best regards

Volker