Credential Patch Scan Windows / Linux

Greenbone can detect missing patches when they are associated with a CVE. However, AFAIK there is no VT that generally interprets package manager metadata.

You did not mention your target OS, but obviously command line tools like apt list --upgradable, dnf check-update or wmic qfe list (for Windows, but does not include third-party packages) can be run locally to determine missing package updates (or OS patches in the case of Windows).

That being said, it would be a far cry to expect a Windows patch cycle to go by without a CVE - let alone without a critical CVSS one. So you are always going to be notified about missing Windows updates. 🙂

If you are inclined, you may consider developing your own VT for this task.

This is an interesting suggestion for a feature, so thank you for requesting information about it!
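
Added example, not part of the original post and not Greenbone code: a local shell helper that turns the output of the two Linux commands named above into one tab-separated list of pending updates, whether or not a CVE is attached. The function names and the sample outputs are constructed for illustration; the Windows `wmic qfe list` case is not covered.

```shell
#!/bin/sh
# Output columns: name <TAB> installed <TAB> candidate <TAB> source (suite or repo)

# Constructed sample of `apt list --upgradable` output (not from a real host).
SAMPLE_APT='Listing... Done
openssl/jammy-updates,jammy-security 3.0.2-0ubuntu1.15 amd64 [upgradable from: 3.0.2-0ubuntu1.12]
vim/jammy-updates 2:8.2.3995-1ubuntu2.16 amd64 [upgradable from: 2:8.2.3995-1ubuntu2.15]'

# Constructed sample of `dnf check-update` output.
SAMPLE_DNF='Last metadata expiration check: 0:12:01 ago on Mon 01 Jan 2024 10:00:00.

kernel.x86_64        5.14.0-362.24.1.el9_3    baseos
openssl-libs.x86_64  1:3.0.7-25.el9_3         baseos
Obsoleting Packages
foo.noarch           1.0-2.el9                appstream'

parse_apt_upgradable() {
  awk '
    /\[upgradable from: / {
      split($1, a, "/")                  # a[1]=package, a[2]=suites
      from = $NF; sub(/\]$/, "", from)   # installed version, trailing ] removed
      printf "%s\t%s\t%s\t%s\n", a[1], from, $2, a[2]
    }'
}

parse_dnf_check_update() {
  awk '
    /^Obsoleting Packages/ { exit }      # the section after this is not updates
    NF == 3 && $1 ~ /\.[A-Za-z0-9_]+$/ {
      n = $1; sub(/\.[^.]+$/, "", n)     # strip the .arch suffix
      printf "%s\t-\t%s\t%s\n", n, $2, $3  # dnf does not print the installed version
    }'
}

# Run on the local host. apt reads its cached index, so results are only as
# fresh as the last `apt update`.
pending_updates() {
  if command -v apt >/dev/null 2>&1; then
    apt list --upgradable 2>/dev/null | parse_apt_upgradable
  elif command -v dnf >/dev/null 2>&1; then
    rc=0; out=$(dnf -q check-update 2>/dev/null) || rc=$?
    # dnf exit codes: 100 = updates available, 0 = none, 1 = error
    if [ "$rc" -eq 1 ]; then return 1; fi
    printf '%s\n' "$out" | parse_dnf_check_update
  else
    echo "no supported package manager found" >&2; return 2
  fi
}
```

Filtering the fourth column for a `-security` suite is a heuristic for Debian and Ubuntu hosts only; it says nothing about repositories on dnf-based systems.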