Skip to content

Vulnerability-detector: Fix support for recent Windows Server versions#5524

Merged
chemamartinez merged 3 commits intodevelopfrom
4468_winserver_msu_request
Aug 3, 2020
Merged

Vulnerability-detector: Fix support for recent Windows Server versions#5524
chemamartinez merged 3 commits intodevelopfrom
4468_winserver_msu_request

Conversation

@0xN3utr0n
Copy link
Copy Markdown
Contributor

@0xN3utr0n 0xN3utr0n commented Jul 21, 2020
edited
Loading

Related issue
#4468

Description

The current implementation treats Win2016 and Win2019 agents as if they were Win10. That is, vuln-detector isn't capable of detecting specific vulnerabilities for this operating system.

We just need to restrict the Windows10 "special" treatment to those agents which use FEED_WIN10.

Additionally, and perhaps even more important, a second bug has been fixed. Hotfixes that were super of other patches weren't treated as individual patches; thus false-negatives could appear if a CVE was fixed only by a super patch.

Tests

  • Compilation without warnings in every supported platform

    • Linux
    • Windows
    • MAC OS X

  • Source installation

  • Package installation

  • Source upgrade

  • Package upgrade

  • Checked the generated alerts for:

    • Windows 7 SP1
    • Windows 10 1806
    • Windows Server 2012 R2
    • Windows Server 2016
    • Windows Server 2019

@0xN3utr0n 0xN3utr0n self-assigned this Jul 21, 2020
@0xN3utr0n 0xN3utr0n added the type/bug Something isn't working label Jul 21, 2020
@0xN3utr0n 0xN3utr0n changed the title Vulnerability-detector: Add support for recent Windows Server versions Vulnerability-detector: Fix support for recent Windows Server versions Jul 21, 2020
@0xN3utr0n 0xN3utr0n force-pushed the 4468_winserver_msu_request branch from 2406c55 to 48e69a3 Compare July 27, 2020 11:19
@0xN3utr0n 0xN3utr0n requested a review from chemamartinez July 28, 2020 13:59
@0xN3utr0n 0xN3utr0n marked this pull request as ready for review July 28, 2020 13:59
@0xN3utr0n 0xN3utr0n changed the base branch from develop to 4.0-vdt-tmp July 28, 2020 14:04
@0xN3utr0n 0xN3utr0n changed the base branch from 4.0-vdt-tmp to develop July 28, 2020 14:07
@0xN3utr0n 0xN3utr0n changed the base branch from develop to 4.0-vdt-tmp July 28, 2020 14:09
@0xN3utr0n 0xN3utr0n changed the base branch from 4.0-vdt-tmp to develop July 28, 2020 14:11
@0xN3utr0n 0xN3utr0n force-pushed the 4468_winserver_msu_request branch from d46fab2 to 48e69a3 Compare July 28, 2020 14:12
chemamartinez
chemamartinez suggested changes Jul 31, 2020
View reviewed changes
Comment thread src/wazuh_modules/vulnerability_detector/wm_vuln_detector_nvd.c
@chemamartinez chemamartinez merged commit c45f171 into develop Aug 3, 2020
@chemamartinez chemamartinez deleted the 4468_winserver_msu_request branch August 3, 2020 11:31
@chemamartinez chemamartinez mentioned this pull request Aug 3, 2020
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@chemamartinez chemamartinez chemamartinez approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@0xN3utr0n 0xN3utr0n

Labels

module/vulnerability detector type/bug Something isn't working

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@0xN3utr0n @chemamartinez