Will Qualys be creating a new QID for Windows 2003 EOL, similar to 105543 for Windows XP EOL?
If so, will this use existing methods of detecting Windows 2003 as in QID 45017 (in our case TCP/IP fingerprinting)?
QID 105632 was published on 07/14/2015 and the date is as same as the date of Windows Server 2003 end of support.
Windows Server 2003 end of support | Microsoft
Here is the detail.
Title: EOL/Obsolete Operating System: Microsoft Windows Server 2003 Detected
Severity Level: 5
Vulnerability Type: Confirmed Vulnerability
Discovery Method: Remote or Authenticated
Category: Security Policy
Vendor Reference: Windows Server 2003 End of Life
CVSS Base: 6.8
Thanks for the response - I see this now and see that there is an issue with the Search function in the Knowledge Base.... A search on 'Vulnerability Title' using 'Windows 2003' does not find this QID, you need to search for 'Windows Server 2003'
So the search text is requiring a specific keyword phrase match - Qualys have mixed the QID titles using 'Windows 2003' in some cases and 'Windows Server 2003' in others.
Qualys has published QID 105632 “EOL/Obsolete Operating System: Microsoft Windows Server 2003 Detected” to production on 7/14/2015. This detection can be triggered by either an Authenticated Vulnerability Scan, or via a Remote Scan based upon the target’s ‘Fingerprint’ & ‘CIFS’ response. If CIFS is not available on the target host, this QID will not be detected via remote methods, as CIFS is required in order for us to accurately identify a specific target OS as End-Of-Life.
Retrieving data ...