Qualys Vulnerability Signature, version 2.4.815-2, will include EOL QIDs (detections for end-of-life software) for Windows 7, Windows 2008, and Windows 2008 R2. Customers will be able to scan the QIDs shown below using Qualys Vulnerability Management (VM):
QID 105859 – EOL/Obsolete Operating System: Microsoft Windows 2008 R2 Detected
QID 105858 – EOL/Obsolete Operating System: Microsoft Windows 2008 Detected
QID 105793 – EOL/Obsolete Operating System: Microsoft Windows 7 Detected
Detecting Windows 7 and 2008/R2 EOL QIDs with Qualys VM
The best method for identifying vulnerable hosts is through the Qualys Cloud Agent or via authenticated scanning. These QIDs will be included in signature version VULNSIGS-2.4.815-2. Cloud Agents will automatically receive this new QID as part of manifest version 2.4.815-2.1.
You can search for these QIDs in VM Dashboard with the following QQL query:
vulnerabilities.vulnerability.qid: (`105859` OR `105858` OR `105793`)
This will return a list of all impacted hosts.
Informational Detections for ESU Supported Systems
Microsoft is providing extended security updates (ESU) for Windows 7 and 2008/R2, and have also made them freely available for Azure systems. Qualys VM will provide IG (informational) QIDs to identify ESU support on Windows 7 and 2008/R2 systems. This is currently being worked upon, and we will update this blog with IG QID information once they are available.
The dashboard attached to Reporting Toolbox: Focused Search Lists v1.5 contains EOL OS tracking widgets which will include these new QIDs.