fleet/server/vulnerabilities
Scott Gress edc68d3042
Add versions to product names in MSRC bulletins to aid Windows vulnerability matching (#24172)
for #24041 

This PR addresses an issue that can cause Windows vulnerability checks
to fail (possibly causing false negatives). We determine whether a
vulnerability in an MSRC bulletin applies to any hosts in a Fleet
instance by attempting to match the data in [each row of the
`operating_systems`
table](65e374c85c/cmd/fleet/cron.go (L297-L303))
with [at least one "product" in a
bulletin](e2d9a9016c/server/vulnerabilities/msrc/analyzer.go (L39)),
including [matching architecture and "display
version"](76f5baced9/server/vulnerabilities/msrc/parsed/product.go (L26-L39)).
However, a subset of products listed in these bulletins do not include
the display version, so for example a host whose OS was listed as
`Microsoft Windows Server 2022 Datacenter 21H2` (21H2 being the "display
version") would match nothing in the bulletins because no listed Server
2022 products include "21H2" in their names.

The fix made here is to add relevant version info to the products list
when we do our ETL of the MSRC bulletins. The version info was gleaned
from https://en.wikipedia.org/wiki/List_of_Microsoft_Windows_versions.

We see logs related to this issue a lot, so cleaning this up will
alleviate some noise and infra costs as well.
2024-12-17 09:46:03 -06:00
..
customcve Add matching rules for Microsoft 365 for July and August 365 (#21410) 2024-08-20 11:35:44 -03:00
goval_dictionary Pull xz'd goval-dictionary sqlite files to evaluate vulnerabilities on Amazon Linux hosts (#21506) 2024-08-26 14:07:42 -05:00
io Updating golangci-lint to 1.61.0 (#22973) 2024-10-18 12:38:26 -05:00
macoffice Moving Go integration tests to integration test job (#21126) 2024-08-07 14:00:25 +02:00
msrc Add versions to product names in MSRC bulletins to aid Windows vulnerability matching (#24172) 2024-12-17 09:46:03 -06:00
nvd Skip python vulnerabilities test (#24287) 2024-12-02 14:33:03 -07:00
oval Enable staticcheck Go linter. (#23487) 2024-11-05 11:16:24 -06:00
testdata Handle flaky vulnerability tests (#11262) 2023-04-21 19:37:29 -04:00
utils Add gosimple linter (#23250) 2024-10-29 14:17:51 -05:00