For the February 2020 Patch Tuesday, Microsoft released security updates for Windows 7, 2008 and 2008 R2 systems which are already end of life. Qualys released Patch Tuesday detections (QIDs) which check for these new ESU patches as well.
Microsoft officially ended the support for Windows 7, 2008/R2 on January 14, 2020 and provided the ESU (Extended Support Update) program for customers to keep receiving security updates. However, for this Patch Tuesday (February 12, 2020) they issued public patches and updates for these out-of-support systems.
QIDs Released for ESU Updates
Qualys released Patch Tuesday QIDs which check for the new ESU patches:
QID 91605 Microsoft Windows Security Update for February 2020
QID 91603 Microsoft Windows Servicing Stack Security Update February 2020
QID 100401 Microsoft Internet Explorer Security Update for February 2020
QID 100400 Microsoft Internet Explorer Remote Code Execution Vulnerability (ADV200001)
Qualys had previously released EOL QIDs – see New EOL QIDs for Microsoft Windows 7 and 2008/R2.
How to Identify Vulnerable Hosts
The best method for identifying vulnerable hosts without ESU updates is through the Qualys Cloud Agent or via authenticated scanning. These QIDs are included in signature version VULNSIGS-2.4.816-3. Cloud Agents will automatically receive this new QID as part of manifest version 2.4.816.3-2.
You can search for these QIDs in the Qualys VM Dashboard with the following QQL query:
This will return a list of all impacted hosts for QID 91603.
For more information, refer to the dashboard attached to Reporting Toolbox: Focused Search Lists v1.5 that contains EOL OS tracking widgets.