fleet/server/vulnerabilities/msrc/parsed
Scott Gress edc68d3042
Add versions to product names in MSRC bulletins to aid Windows vulnerability matching (#24172)
for #24041 

This PR addresses an issue that can cause Windows vulnerability checks
to fail (possibly causing false negatives). We determine whether a
vulnerability in an MSRC bulletin applies to any hosts in a Fleet
instance by attempting to match the data in [each row of the
`operating_systems`
table](65e374c85c/cmd/fleet/cron.go (L297-L303))
with [at least one "product" in a
bulletin](e2d9a9016c/server/vulnerabilities/msrc/analyzer.go (L39)),
including [matching architecture and "display
version"](76f5baced9/server/vulnerabilities/msrc/parsed/product.go (L26-L39)).
However, a subset of products listed in these bulletins do not include
the display version, so for example a host whose OS was listed as
`Microsoft Windows Server 2022 Datacenter 21H2` (21H2 being the "display
version") would match nothing in the bulletins because no listed Server
2022 products include "21H2" in their names.

The fix made here is to add relevant version info to the products list
when we do our ETL of the MSRC bulletins. The version info was gleaned
from https://en.wikipedia.org/wiki/List_of_Microsoft_Windows_versions.

We see logs related to this issue a lot, so cleaning this up will
alleviate some noise and infra costs as well.
2024-12-17 09:46:03 -06:00
..
product.go Add versions to product names in MSRC bulletins to aid Windows vulnerability matching (#24172) 2024-12-17 09:46:03 -06:00
product_test.go Add versions to product names in MSRC bulletins to aid Windows vulnerability matching (#24172) 2024-12-17 09:46:03 -06:00
security_bulletin.go Add versions to product names in MSRC bulletins to aid Windows vulnerability matching (#24172) 2024-12-17 09:46:03 -06:00
security_bulletin_test.go Enable errcheck linter for golangci-lint (#8899) 2022-12-05 16:50:49 -06:00
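
The false negative described in the commit message above, reduced to a small model. This is an added example, not Fleet's code: `HostOS`, `Matches`, `AddVersions`, the version-token regex and the sample product names are assumptions made for illustration, and the only version pairing used is the Server 2022 / 21H2 one the commit message names.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// HostOS is a simplified stand-in for one operating_systems row (assumed shape).
type HostOS struct{ Family, DisplayVersion string }

// Constructed sample of bulletin product names; the first two carry no display version.
var sampleProducts = []string{
	"Windows Server 2022",
	"Windows Server 2022 (Server Core installation)",
	"Windows Server 2022, 23H2 Edition (Server Core installation)",
}

// knownVersions holds only the pairing named in the commit message.
var knownVersions = map[string]string{"Windows Server 2022": "21H2"}

// versionToken recognises a display version such as 21H2 already present in a name.
var versionToken = regexp.MustCompile(`\b\d{2}H[12]\b`)

// Matches reports whether some product names the host's family and, when the
// host reports a display version, that version as well.
func Matches(h HostOS, products []string) bool {
	for _, p := range products {
		if strings.Contains(p, h.Family) &&
			(h.DisplayVersion == "" || strings.Contains(p, h.DisplayVersion)) {
			return true
		}
	}
	return false
}

// AddVersions is the ETL-time fix: append the known version to names that have
// none, leaving names that already state a version (e.g. 23H2) untouched.
func AddVersions(products []string) []string {
	out := make([]string, 0, len(products))
	for _, p := range products {
		for family, ver := range knownVersions {
			if strings.Contains(p, family) && !versionToken.MatchString(p) {
				p += " " + ver
			}
		}
		out = append(out, p)
	}
	return out
}

func main() {
	host := HostOS{"Windows Server 2022", "21H2"}
	fmt.Println(Matches(host, sampleProducts), Matches(host, AddVersions(sampleProducts)))
}
```

The guard on an existing version token matters for detection accuracy: blindly appending a version to every Server 2022 name would relabel the 23H2 product and trade a false negative for a false positive.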