Lucene search
K

Microsoft Windows 10 Version 1809 Unsupported Version Detection

Microsoft Windows 10 Version 1809 is no longer supported by Microsoft. Lack of security patches puts the system at risk

Refs
Code
#
# (C) Tenable Network Security, Inc.
#

include('compat.inc');

if (description)
{
  script_id(144951);
  script_version("1.7");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/01/11");

  script_name(english:"Microsoft Windows 10 Version 1809 Unsupported Version Detection");

  script_set_attribute(attribute:"synopsis", value:"
The remote operating system is no longer supported.");
  script_set_attribute(attribute:"description", value:
"Microsoft Windows 10 version 1809 is running on the remote host.
Microsoft ended support for Windows 10 version 1809 Home/Pro on November 10, 2020
and Windows 10 version 1809 Enterprise/Educational on May 11, 2021.

Lack of support implies that no new security patches for the product
will be released by the vendor. As a result, it is likely to contain
security vulnerabilities. Furthermore, Microsoft is unlikely to
investigate or acknowledge reports of vulnerabilities.");
  # https://support.microsoft.com/en-us/help/13853/windows-lifecycle-fact-sheet
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?e2452f2e");
  # https://docs.microsoft.com/en-us/lifecycle/products/windows-10-enterprise-and-education
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?807cb358");
  # https://docs.microsoft.com/en-us/lifecycle/products/windows-10-home-and-pro
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?fa29d6e3");

  script_set_attribute(attribute:"solution", value:
"Upgrade to a version of Microsoft Windows that is currently supported.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H");
  script_set_attribute(attribute:"cvss_score_source", value:"manual");
  script_set_attribute(attribute:"cvss_score_rationale", value:"Tenable score for unsupported products.");

  script_set_attribute(attribute:"plugin_publication_date", value:"2021/01/14");

  script_set_attribute(attribute:"plugin_type", value:"combined");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
  script_set_attribute(attribute:"unsupported_by_vendor", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2021-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("smb_reg_service_pack.nasl");
  script_exclude_keys("SMB/not_windows");
  script_require_ports("SMB/WindowsVersion", "SMB/WindowsVersionBuild");

  exit(0);
}

if (get_kb_item('SMB/not_windows')) audit(AUDIT_OS_NOT, 'Windows');

var product_name  = "Windows 10 version 1809";
var tag           = "microsoft:windows_10";
var cpe_ver       = "-:*";

var os = get_kb_item('SMB/WindowsVersion');
var os_build = get_kb_item('SMB/WindowsVersionBuild');
var os_name = tolower(get_kb_item('SMB/ProductName'));

var port	= get_kb_item("SMB/transport");

# No OS
if (!os) audit(AUDIT_HOST_NOT, 'running an OS known to this plugin');

# Not Windows 10
if ('10' >!< os) audit(AUDIT_OS_NOT, 'Windows 10');

# Not Build 17763 (version 1809)
if ('17763' != os_build) audit(AUDIT_OS_NOT, product_name);

var now = get_kb_item("Flatline/nowtime");
if (empty_or_null(now))
  now = unixtime();

# Server versions have a different life cycle
# Under Fixed Lifecycle Policy Server 2019 (all editions) continue recieving security updates until Jan 9 2029 via Extended Support
# After Jan 9 2029, ESU will be available at cost
# https://learn.microsoft.com/en-us/lifecycle/policies/fixed
# https://learn.microsoft.com/en-us/lifecycle/products/windows-server-2019
if ("server" >< os_name 
    &&  (now < 1862611200 ) # future proof until support ticker comes in, then figure out how to cover 5-yr ESU after Jan 9 2029
   )
  audit(AUDIT_OS_NOT, "affected");

# As per https://learn.microsoft.com/en-us/windows/release-health/release-information
# 1809 LTSB Enterprise/IoT extended support EOS: 2029/1/9
if ("ltsc" >< tolower(os_name) && now < 1862611200 &&
    ("enterprise" >< tolower(os_name) || "iot" >< tolower(os_name)))
  audit(AUDIT_SUPPORTED, os_name);

var edition = NULL;
# Both x86 and x64 exist in the CPE DB (xml file) from nvd.nist.gov.
var arch = get_kb_item('SMB/ARCH');
if (!isnull(arch) && 'x64' >< arch) edition = 'x64';
else edition = 'x86';

cpe_ver = ':' + edition;

register_unsupported_product(
  product_name : product_name,
  cpe_class    : CPE_CLASS_OS,
  cpe_base     : tag,
  version      : cpe_ver
);

security_report_v4(port:port, severity:SECURITY_HOLE);

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

11 Jan 2024 00:00Current
7.6High risk
Vulners AI Score7.6
258