Vulnerability OS reporting inaccurate or not meaningful in Fleet

[pacamaster]

Fleet version:
Reported running in Fleet 4.44
Web browser and operating system:
Current release

---

💥  Actual behavior

The reported OS version is incomplete and lists lots of erroneous vulnerabilities for the OS. Taking all vulns and not seeming to exclude older versions in Fleet.
The tagged client has examples:
OS Windows 10 Pro 10.0.19045, which has CVEs dating back to 2021, but by looking at the full OS version of a sample host, it's actually 10.0.19045.3930, which is a Jan 2024 update. The information seems inconsistent or not too helpful.

When the version is correctly identified, is pulling 551 vulns for a most recent CU

And previous version reports same 551 vulns

Windows 11 seems to be fine, could be Windows 10 related

🧑‍💻  Steps to reproduce

1. TODO

🕯️ More info (optional)

• may be related to an older version of osquery (5.9.1) or hosts that have not checked in for a while.
• Guess might be using host counts and numbers inflated or in error?
• unable to reproduce in our Dogfood environment
  
• This could also be more of a feature request to make the info more clear what it is describing

[JoStableford]

Related to a Slack conversation

[sharon-fdm]

@pacamaster could you please provide reproduction steps?

[mostlikelee]

I could not replicate the issue of Win10 hosts not reporting the full OS version (via osquery 5.9.1 or 5.11), but I added extra validation for offline hosts that have not yet reported correctly since an upgrade to 4.44.0+ to the scope.

Additionally I found a bug where osquery is not correctly reporting the Win10 build version in the kernel_info table. This is also added to the scope.