Simplified Windows HTTP Banner Fingerprint

Background

When an HTTP server returns the “Microsoft-HTTPAPI/2.0” banner we can be fairly certain that the operating system (OS) is Microsoft Windows but not certain which edition is running. Nessus plugin 25247, which is used to assist in determining the OS by plugin 11936, lists all possible editions of Windows. As the list of editions has grown, the utility of listing all possible editions has diminished.

Change

Nessus plugin 25247 is being updated to use the fingerprint “Microsoft Windows” instead of the list of Windows editions since Windows XP.

The current OS Identification (11936) output:

  Remote operating system : Microsoft Windows Server 2003

  Microsoft Windows Vista

  Microsoft Windows Server 2008

  Microsoft Windows 7

  Microsoft Windows Server 2008 R2

  Microsoft Windows Server 2012

  Microsoft Windows 8

  Microsoft Windows Server 2012 R2

  Microsoft Windows 10

  Microsoft Windows Server 2016

  Microsoft Windows Server 2019

After the change:

Remote operating system : Microsoft Windows

Impact

Customers should expect to see simplified results when searching plugin output for operating systems. For example, searching for “Microsoft Windows Server 2019” will no longer yield results from this plugin based on the “Microsoft-HTTPAPI/2.0” banner.

Plugins

25247 - OS Identification : HTTP

11936 - OS Identification

Target Release Date

28 Oct 2020

------------------------------------------------------------------------------------------------

Tenable Research Release Highlights are posted in advance of significant new releases or updates to existing plugins or audit files that are important for early customer notification.