Hi,
Please could someone confirm if insightVM continues to report vulnerabilities on systems that are still available with extended support, even if extended support hasn’t been purchased?
For example, Windows Server 2012 went out of support in 10th October 2023, but patches are still available to resolve vulnerabilities if you have extended support, up to 3 years. How should a Server 2012 system that was patched up to October 2023 that isn’t on extended support appear in insightVM? Will the number of vulnerabilities continue to increase based on the extended support patches and vulnerabilities?
We have a few such systems and I’m not really seeing any evidence either way (some devices show very few vulns whereas others show many more), and i’m not clear on how this is supported by Rapid7?
Thanks