Hi I’m using Greenbone Security Assistant 21.4.3 under Kali Linux to run regular scans against several servers.
Recently, it started to report a high severity vulnerability on a server with SQL 2016 installed. (see below)
This server does have SQL server 2016, but it’s got SP3 installed and the latest update from June 2022 as well. As far as I can see from various sources, security support from Microsoft ends in Jul 2026 for this version of SQL. Or perhaps I have that wrong?
Detection Result
The “Microsoft SQL Server 2016” product on the remote host has reached the end of life. CPE: cpe:/a:microsoft:sql_server:2016 EOL version: 2016 EOL date: 2018-01-09
Product Detection Result
Product | [cpe:/a:microsoft:sql_server:2016_server 2016) |
---|---|
Method | [Microsoft SQL Server (MSSQL) Detection (TCP/IP Listener) (OID: 1.3.6.1.4.1.25623.1.0.10144)] |
Detection Method
Checks if a vulnerable version is present on the target host.
Details: | [Microsoft SQL Server End Of Life Detection OID: 1.3.6.1.4.1.25623.1.0.108188] |
---|---|
Version used: | 2022-08-04T13:37:02Z |