For the February 2020 Patch Tuesday, Microsoft released security updates for Windows 7, 2008 and 2008 R2 systems, which are already end of life. Qualys released Patch Tuesday detections (QIDs) that check for these new ESU patches as well.
Update: Qualys released IG QID 45424 to identify the presence of ESU on Windows 7, 2008/R2 systems.
Microsoft officially ended support for Windows 7, 2008/R2 on January 14, 2020 and provided the ESU (Extended Support Update) program for customers to keep receiving security updates. However, for this Patch Tuesday (February 12, 2020), Microsoft issued patches for customers that have ESU enabled, along with updates for these out-of-support systems.
QIDs Released for ESU Updates
Qualys released Patch Tuesday QIDs which check for the new ESU patches:
QID 91605 Microsoft Windows Security Update for February 2020
QID 91603 Microsoft Windows Servicing Stack Security Update February 2020
QID 100401 Microsoft Internet Explorer Security Update for February 2020
QID 100400 Microsoft Internet Explorer Remote Code Execution Vulnerability (ADV200001)
Qualys had previously released EOL QIDs – see New EOL QIDs for Microsoft Windows 7 and 2008/R2.
How to Identify Vulnerable Hosts
The best method for identifying vulnerable hosts without ESU updates is through the Qualys Cloud Agent or via authenticated scanning. These QIDs are included in signature version VULNSIGS-2.4.816-3. Cloud Agents will automatically receive these new QIDs as part of manifest version 2.4.816.3-2.
You can search for these QIDs in the Qualys VM Dashboard with the following QQL query:
This will return a list of all impacted hosts for QID 91603.
Identify hosts with ESU enabled
Qualys also recently released IG QID 45424 to identify the presence of ESU using authenticated scanning or the Qualys Cloud Agent. This QID is included in signature version VULNSIGS-2.4.826-2 and Cloud Agent manifest version 2.4.826.2-1.
You can also track ESU and EOL QIDs in your environment with the ESU-EOL-View Dashboard that leverages data in your Qualys Vulnerability Management subscription.
For more information, refer to the dashboard attached to Reporting Toolbox: Focused Search Lists v1.5 that contains EOL OS tracking widgets.