Just some remarks on the detection of outdated server distributions. A lot of distributions leave the version number as it was *, but administrators may do updates and patch security holes (we just do not know). Such practices are basically wrong however, because excessive server header info proliferation should never and under no circumstances be enabled in the settings by default, and should actually never be given! An attacker may have other ways to get the info he is after however, but that is outside the scope of what we warn about here.
Your server should not forward any info globally and to attackers, whatever the real security situation of that server may indicate. A list of failures for a SQL Server:
https://www.simple-talk.com/sql/database-administration/how-to-get-sql-server-security-horribly-wrong/

So the assumptions of this report are questionable, but that is because of practical implications and the unreliability of passive scan results for certain criteria (see my earlier remarks *):
- https://www.sidn.nl/downloads/reports/Passive+Scan+Research.pdf (do not open search results of that report - when you aren't into website security, that report isn't for you!).
polonus
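As an added illustration of the point made above about server header info disclosure (this is example code written for this page, not polonus's code or any scanner's), the script below parses a raw HTTP response and reports which headers name the server software and whether they pin a version number. The two sample responses and the product names in them (ExampleHTTPd, ExampleLang) are constructed for the example; the list of headers checked is an assumption about which headers commonly carry such detail. It is meant for auditing your own server after you have turned off version reporting (nginx `server_tokens off;`, Apache `ServerTokens Prod`), to confirm the change actually took effect.

```python
import re

# Response headers that commonly carry product and/or version detail.
# This list is an assumption for the example, not an exhaustive catalogue.
DISCLOSING_HEADERS = (
    "server",
    "x-powered-by",
    "x-aspnet-version",
    "x-aspnetmvc-version",
    "x-generator",
)

# A dotted number such as 1.2.3 inside a header value pins a version.
VERSION_RE = re.compile(r"\d+(?:\.\d+)+")

# Constructed sample responses (not captured from any real host).
LEAKY_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: ExampleHTTPd/1.2.3 (constructed)\r\n"
    "X-Powered-By: ExampleLang/4.5.6\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<html>constructed body</html>"
)

HARDENED_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<html>constructed body</html>"
)


def parse_response_headers(raw: str) -> dict:
    """Parse the header block of a raw HTTP/1.x response into a dict.

    Header names are lower-cased so lookups are case-insensitive, as HTTP
    header names are. The status line and the body are ignored.
    """
    head = raw.split("\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split("\r\n")[1:]:
        if ":" not in line:
            continue  # malformed line, skip rather than fail the whole audit
        name, value = line.split(":", 1)
        headers[name.strip().lower()] = value.strip()
    return headers


def find_version_disclosure(headers: dict) -> list:
    """Return (header, value, pins_version) for each disclosing header present.

    A bare product name (e.g. "Apache", which is what Apache's
    ServerTokens Prod still sends) names the software; a dotted number
    additionally pins the version, which is what this thread is about.
    """
    findings = []
    for name in DISCLOSING_HEADERS:
        value = headers.get(name)
        if value is None:
            continue
        findings.append((name, value, bool(VERSION_RE.search(value))))
    return findings


def audit_response(raw: str) -> dict:
    """Summarise a raw response: what is disclosed and whether a version leaks."""
    findings = find_version_disclosure(parse_response_headers(raw))
    return {
        "findings": findings,
        "names_software": bool(findings),
        "pins_version": any(pins for _, _, pins in findings),
    }


if __name__ == "__main__":
    for label, raw in (("leaky", LEAKY_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        result = audit_response(raw)
        print(label, result)
        for name, value, pins in result["findings"]:
            print(f"  {name}: {value}  (version pinned: {pins})")
```

Run it against a response you captured from your own server (paste the raw text into `audit_response`). An empty `findings` list is the goal described in the post above; a `pins_version` of `True` means the suppression setting did not take effect.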