Problems with Vulnerability Detection Module in Windows XP


Daniel Luengo

Sep 5, 2022, 6:05:38 AM
to Wazuh mailing list
Good morning,

We are having a problem getting the Wazuh vulnerability detection module to detect vulnerabilities on Windows XP.

The configuration of the ossec.conf file is as follows (ossec-conf).
ossec-conf.PNG
We see that in spite of having enabled the MSU and NVD databases, from the manager only the NVD list is shown (vulnerabilityDB). 
Vulnerability db.PNG

Any idea what might be going on?

Best regards.

Marcel Kemp

Sep 5, 2022, 11:28:05 AM
to Wazuh mailing list
Hi Daniel,

The issue with the active Vulnerability Detector configuration reflected in the WUI is a known issue (which you can see in issue #10839), but it has been fixed in the next PR: #12117.
And it will be released in Wazuh v4.4.

However, it is only a visual problem, because internally if the MSU is active in the configuration, the scanning of Windows agents should work correctly.

As for Windows XP, it is possible that it does not work properly because the MSRC (Microsoft's official source of vulnerabilities for the MSU) does not seem to have vulnerabilities and patches for Windows XP, so the MSU does not have any vulnerabilities related to Windows XP either. 
It should also be noted that support for Windows XP ended in 2014, so it no longer has patches to fix its vulnerabilities since that year, so it is advisable to upgrade to a supported Windows OS, as Windows XP is considered a vulnerable OS.

Still, those are the vulnerabilities of the system. 
As for the vulnerabilities of the packages, it is possible to detect their vulnerabilities thanks to the CPE Helper, which will translate the packages collected by Syscollector and found in the cpe_helper dictionary, to generate their corresponding CPE that will match the vulnerabilities of the package.

If Vulnerability Detector is working properly, then no Warning or Error should appear in Wazuh logs.

If you have any questions, don't hesitate to ask.
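
Added example, not part of the original thread and not Wazuh project code: one way to run the log check described in the reply above, by listing only the Vulnerability Detector warnings and errors in the manager log. The line layout in the regular expression and the `wazuh-modulesd:vulnerability-detector` tag are assumptions about the `ossec.log` format, and the sample lines are constructed placeholders.

```python
import re
import sys
from collections import Counter

# Assumed line layout: "YYYY/MM/DD HH:MM:SS <daemon>[:<module>]: LEVEL: message"
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) (?P<tag>\S+?): "
    r"(?P<level>DEBUG|INFO|WARNING|ERROR|CRITICAL): (?P<msg>.*)$"
)
MODULE = "vulnerability-detector"
PROBLEM_LEVELS = {"WARNING", "ERROR", "CRITICAL"}

# Constructed sample lines (not real Wazuh output); message texts are placeholders.
SAMPLE_LOG = """\
2022/09/05 06:00:01 wazuh-modulesd:vulnerability-detector: INFO: Constructed: feed update started.
2022/09/05 06:00:09 wazuh-modulesd:syscollector: WARNING: Constructed: unrelated module warning.
2022/09/05 06:00:15 wazuh-modulesd:vulnerability-detector: WARNING: Constructed: feed could not be refreshed.
2022/09/05 06:01:02 wazuh-modulesd:vulnerability-detector: ERROR: Constructed: agent scan aborted.
2022/09/05 06:01:03 wazuh-remoted: INFO: Constructed: agent connected.
"""

def vd_problems(lines):
    """Return (timestamp, level, message) for each Vulnerability Detector problem line."""
    found = []
    for line in lines:
        m = LINE_RE.match(line.rstrip("\n"))
        if not m:
            continue  # continuation lines or a different log layout
        if m["tag"].split(":")[-1] != MODULE:
            continue  # another daemon or module
        if m["level"] in PROBLEM_LEVELS:
            found.append((m["ts"], m["level"], m["msg"]))
    return found

def summarize(problems):
    """Count problem lines per severity level."""
    return Counter(level for _, level, _ in problems)

if __name__ == "__main__":
    # Pass the manager log path (default install: /var/ossec/logs/ossec.log),
    # or run without arguments to use the constructed sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], errors="replace") as fh:
            problems = vd_problems(fh)
    else:
        problems = vd_problems(SAMPLE_LOG.splitlines())
    for ts, level, msg in problems:
        print(ts, level, msg)
    print(dict(summarize(problems)) or "no Vulnerability Detector warnings or errors")
```

An empty result only means the module logged no warnings or errors; it does not show that the feeds contain any data for the agent's operating system.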
