| Source | Link |
|---|---|
| nessus | www.nessus.org/u |
| nessus | www.nessus.org/u |
| nessus | www.nessus.org/u |
#
# (C) Tenable Network Security, Inc.
#
include('compat.inc');
if (description)
{
script_id(144951);
script_version("1.7");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/01/11");
script_name(english:"Microsoft Windows 10 Version 1809 Unsupported Version Detection");
script_set_attribute(attribute:"synopsis", value:"
The remote operating system is no longer supported.");
script_set_attribute(attribute:"description", value:
"Microsoft Windows 10 version 1809 is running on the remote host.
Microsoft ended support for Windows 10 version 1809 Home/Pro on November 10, 2020
and Windows 10 version 1809 Enterprise/Educational on May 11, 2021.
Lack of support implies that no new security patches for the product
will be released by the vendor. As a result, it is likely to contain
security vulnerabilities. Furthermore, Microsoft is unlikely to
investigate or acknowledge reports of vulnerabilities.");
# https://support.microsoft.com/en-us/help/13853/windows-lifecycle-fact-sheet
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?e2452f2e");
# https://docs.microsoft.com/en-us/lifecycle/products/windows-10-enterprise-and-education
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?807cb358");
# https://docs.microsoft.com/en-us/lifecycle/products/windows-10-home-and-pro
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?fa29d6e3");
script_set_attribute(attribute:"solution", value:
"Upgrade to a version of Microsoft Windows that is currently supported.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H");
script_set_attribute(attribute:"cvss_score_source", value:"manual");
script_set_attribute(attribute:"cvss_score_rationale", value:"Tenable score for unsupported products.");
script_set_attribute(attribute:"plugin_publication_date", value:"2021/01/14");
script_set_attribute(attribute:"plugin_type", value:"combined");
script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
script_set_attribute(attribute:"unsupported_by_vendor", value:"true");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Windows");
script_copyright(english:"This script is Copyright (C) 2021-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("smb_reg_service_pack.nasl");
script_exclude_keys("SMB/not_windows");
script_require_ports("SMB/WindowsVersion", "SMB/WindowsVersionBuild");
exit(0);
}
if (get_kb_item('SMB/not_windows')) audit(AUDIT_OS_NOT, 'Windows');
var product_name = "Windows 10 version 1809";
var tag = "microsoft:windows_10";
var cpe_ver = "-:*";
var os = get_kb_item('SMB/WindowsVersion');
var os_build = get_kb_item('SMB/WindowsVersionBuild');
var os_name = tolower(get_kb_item('SMB/ProductName'));
var port = get_kb_item("SMB/transport");
# No OS
if (!os) audit(AUDIT_HOST_NOT, 'running an OS known to this plugin');
# Not Windows 10
if ('10' >!< os) audit(AUDIT_OS_NOT, 'Windows 10');
# Not Build 17763 (version 1809)
if ('17763' != os_build) audit(AUDIT_OS_NOT, product_name);
var now = get_kb_item("Flatline/nowtime");
if (empty_or_null(now))
now = unixtime();
# Server versions have a different life cycle
# Under Fixed Lifecycle Policy Server 2019 (all editions) continue recieving security updates until Jan 9 2029 via Extended Support
# After Jan 9 2029, ESU will be available at cost
# https://learn.microsoft.com/en-us/lifecycle/policies/fixed
# https://learn.microsoft.com/en-us/lifecycle/products/windows-server-2019
if ("server" >< os_name
&& (now < 1862611200 ) # future proof until support ticker comes in, then figure out how to cover 5-yr ESU after Jan 9 2029
)
audit(AUDIT_OS_NOT, "affected");
# As per https://learn.microsoft.com/en-us/windows/release-health/release-information
# 1809 LTSB Enterprise/IoT extended support EOS: 2029/1/9
if ("ltsc" >< tolower(os_name) && now < 1862611200 &&
("enterprise" >< tolower(os_name) || "iot" >< tolower(os_name)))
audit(AUDIT_SUPPORTED, os_name);
var edition = NULL;
# Both x86 and x64 exist in the CPE DB (xml file) from nvd.nist.gov.
var arch = get_kb_item('SMB/ARCH');
if (!isnull(arch) && 'x64' >< arch) edition = 'x64';
else edition = 'x86';
cpe_ver = ':' + edition;
register_unsupported_product(
product_name : product_name,
cpe_class : CPE_CLASS_OS,
cpe_base : tag,
version : cpe_ver
);
security_report_v4(port:port, severity:SECURITY_HOLE);
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation