CISecurity/OVALRepo

Patch Definitions not available for windows 2011


Hi All,

Can anyone help with getting the OVAL patch XML for Windows 2011? For the past few months I have been trying to generate it, but without success.
The Windows 2010 patch file is generated properly, but not the one for Windows 2011.
I was trying to generate the Windows 2011 OVAL patch XML from the OVALRepo, using the steps mentioned in the repository.
The command which I tried is:

```
C:\IOT\OvalRepository\OVALRepo\scripts>python build_oval_definitions_file.py -o c:\5.11\oval.windows.patch.xml --platform "microsoft windows 11" --family windows --class patch --max_schema_version 5.10 -v
```

Output which I got after running the above command:

```
INFO: Found 0 matching OVAL definitions
INFO: Writing OVAL definitions to C:\IOT\OvalRepository\OVALRepo\scripts\output-files\5.11\oval.windows.patch.xml
INFO: performing schema validation
INFO: schema validation successful
INFO: Completed in 00:00:02!
```

Generated OVAL patch XML:

```xml
<oval_definitions
xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5"
xmlns:oval="http://oval.mitre.org/XMLSchema/oval-common-5"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://oval.mitre.org/XMLSchema/oval-common-5 oval-common-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5 oval-definitions-schema.xsd">

<generator>
	<oval:product_name>CIS OVAL Repository</oval:product_name>
	<oval:product_version>0.1</oval:product_version>
	<oval:schema_version>5.10</oval:schema_version>
	<oval:timestamp>2023-11-01T07:52:51</oval:timestamp>
</generator>

</oval_definitions>
```

Any help would be appreciated.

I do not think you should rely on the OVAL content available from this git. I have not seen any meaningful OS updates for Windows OS, and it hasn't been useful for a long time. There appears to be someone who updates vulnerabilities for Adobe products on Windows platforms in the repo, and that's it.

For Windows 10 patches:

```
python build_oval_definitions_file.py -o windows.10.patch.xml --platform "Microsoft Windows 10" --family windows --class patch --max_schema_version 5.10
```

You get:

```
C:\OVALRepo\scripts>python build_oval_definitions_file.py -o windows.10.patch.xml --platform "Microsoft Windows 10" --family windows --class patch --max_schema_version 5.10
INFO: Found 8 matching OVAL definitions
INFO: Finding downstream OVAL ids for all definitions
INFO: Found 56 downstream OVAL ids
INFO: Finding paths for 64 OVAL elements
INFO: Generating OVAL definition file with 64 elements
INFO: Writing OVAL definitions to windows.10.patch.xml
INFO: Completed in 00:00:27!

C:\OVALRepo\scripts>
```

If you perform the build above for Windows 10 patches, and then search the resulting XML for "CVE-2023", you will find none. If you search for "2023" by itself you get one: in the build date of your file. I have not yet tried this with the other schemas (5.11.x).

Unfortunately, Microsoft does not appear to provide their own OVAL files as Red Hat does.
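The check described in the comment above (count the definitions, then look for recent CVE years) can be scripted so that an empty or outdated build is caught before it is fed to a scanner. This is an added example, not part of the thread or of the OVALRepo scripts; the function names, the one-year threshold and the sample documents are assumptions made for illustration, and patch definitions that carry no CVE reference are treated as stale.

```python
import re
import xml.etree.ElementTree as ET
from collections import Counter

NS = {"d": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
      "c": "http://oval.mitre.org/XMLSchema/oval-common-5"}
CVE_RE = re.compile(r"CVE-(\d{4})-\d+$")

def summarize_oval(xml_text):
    """Count definitions and CVE references per year in an OVAL definitions file."""
    root = ET.fromstring(xml_text)
    defs = root.findall("d:definitions/d:definition", NS)
    cve_years = Counter()
    for ref in root.iterfind("d:definitions/d:definition/d:metadata/d:reference", NS):
        m = CVE_RE.match(ref.get("ref_id", ""))
        if ref.get("source") == "CVE" and m:
            cve_years[int(m.group(1))] += 1
    stamp = root.findtext("d:generator/c:timestamp", default="", namespaces=NS)
    return {
        "definitions": len(defs),
        "by_class": dict(Counter(d.get("class") for d in defs)),
        "cve_years": dict(cve_years),
        "newest_cve_year": max(cve_years, default=None),
        "build_year": int(stamp[:4]) if stamp[:4].isdigit() else None,
    }

def looks_stale(summary, max_gap_years=1):
    """True when the file is empty or its newest CVE lags the build date."""
    newest, built = summary["newest_cve_year"], summary["build_year"]
    if summary["definitions"] == 0 or newest is None or built is None:
        return True
    return built - newest > max_gap_years

# Constructed sample inputs (ids and CVE number are placeholders, not repo content).
HEAD = ('<oval_definitions xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" '
        'xmlns:oval="http://oval.mitre.org/XMLSchema/oval-common-5"><generator>'
        '<oval:timestamp>2023-11-01T07:52:51</oval:timestamp></generator>')
EMPTY = HEAD + "</oval_definitions>"
OLD = HEAD + ('<definitions><definition id="oval:example.placeholder:def:1" '
              'class="patch" version="1"><metadata><title>constructed</title>'
              '<reference source="CVE" ref_id="CVE-2016-0000"/></metadata>'
              '</definition></definitions></oval_definitions>')

if __name__ == "__main__":
    for name, doc in (("empty", EMPTY), ("old", OLD)):
        s = summarize_oval(doc)
        print(name, s, "stale" if looks_stale(s) else "current")
```

A file that passes schema validation can still be empty, as in the issue above, so the definition count is checked separately from validity.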