NeXpose Release April 18, 2011

Document created by mburstein Employee on Jun 7, 2011Last modified by mburstein Employee on Nov 1, 2011
Version 2Show Document
  • View in full screen mode
                                                                   

Rapid72011-04-18 content and product updates
                  Pre-release announcement

           

This Rapid7® NeXpose® 4.11.3 release features improved fingerprinting and scan accuracy, updated checks, uninterrupted scans on certain targets, and better summary information for TCP timestamp response vulnerability.

 

These release notes document what's new in the next NeXpose release. Your NeXpose installation will automatically download and install content updates. If you have enabled NeXpose to install product updates, it will do so as well. See the third FAQ.

           

Improved fingerprinting | product
                 

            

Improved fingerprinting helps you to track more assets in your environment:

                 
  • Fingerprinting of Adobe Flash Player's ActiveX component has been improved on 64-bit Windows platforms.
  • Fingerprinting of Mozilla Firefox has been improved on 64-bit versions of Windows.
  • Fingerprinting of Microsoft Office products has been improved for unusual situations in which Office is installed in 32-bit mode on 64-bit platforms.

Uninterrupted scans on certain targets | product

             

Scans now continue uninterrupted in certain situations where the product discovers a MAC address but no corresponding IP address for a given target asset. This improves overall scan coverage.

               

More accurate checks on non-Windows targets | product
                 

             

Checks that rely on the existence of Windows registry values no longer incorrectly return vulnerable status on non-Windows targets. This fix provides better overall accuracy in scan results.

               

More helpful migration FAQs | product
                 

             

FAQs on the Migration page now provide more comprehensive guidance through PostgreSQL database migration, so that you can complete this task more easily.

           

Scan performance and accuracy improvements | content
                 

             

A number of performance and accuracy improvements provide a better view of your security posture:

                 
  • An increased timeout for a default account check in iSQL plus instances ensures better scan performance on this slow-responding service.
  • Fingerprinting of certain Cisco IOS versions obtained through SNMP banners has been improved.
  • A false positive has been corrected for a patch-verification check for an Adobe Flash Player vulnerability announced in Adobe Security Bulletin APSB11-05.
            

Better summary for TCP timestamp response vulnerability | content
                 

             

Updated information and remediation details for the TCP timestamp response vulnerability help you address this flaw more effectively. The vulnerability description includes additional references, a corrected CVSS vector, and solutions for Cisco and Windows platforms.

          

Bi-monthly vulnerability check update | content
                 

            

New vulnerability and patch checks bring coverage up to date for the following operating systems and applications:

                 
  • Adobe Flash
  • Adobe Reader
  • Apache
  • Apple QuickTime
  • CentOS
  • Cisco devices
  • Java Runtime Environment
  • Mozilla Firefox
  • OpenSSL
  • PHP
  • Red Hat Enterprise Linux
  • Solaris
  • VMware
            

These checks help prevent security breaches that could allow hostile parties to take control of affected systems, gain access to confidential data, disrupt business operations, or cause other problems.  

            

Frequently asked questions (FAQs)
                 

                 
  • How will I know NeXpose has updated with this specific release?
    All updates are listed on the News page of the NeXpose Security Console Web interface.
  • Why doesn’t the most recent date on the News page match the dates of the current updates on the Administration page?
    You may occasionally notice that the most recent date on the News page does not match the dates of the current updates listed on the NeXpose Security Console administration page. The dates on the News page are official release dates. The dates on the console page indicate when updates were actually applied to your NeXpose installation.
  • What are content updates, and what are product updates?
    Content updates include new checks for vulnerabilities, patch verification, and compliance with security policies. Product updates include performance improvements, bug fixes, and new features in NeXpose.
  • Why are installers not updated with every release?
    To help you stay on top of an ever-growing number of security threats, Rapid7 makes the delivery of new security content timely and convenient.  After installation and first-time start-up, NeXpose continues to update itself dynamically. This makes it unnecessary for Rapid7 to update installers  with every release of security content. So, you don't have to download installers every time new content is available.
  • Does this dynamic self-updating cause NeXpose to restart?
    Yes. You may notice NeXpose taking longer to start for the first time after installation. You may also notice it restarting more than once as it completes a required sequence of updates.
  • Where can I get more information about this release?
    Interact with the Rapid7 Community by joining our e-mail list, registering on the Wiki, and joining us on the Rapid7 IRC Channel. For more information, go to http://community.rapid7.com.
           
Rapid7: Recipient of Highest Ranking in Vulnerability Management 2010
from Gartner and Forrester:
http://www.rapid7.com/resources/gartner_marketscope.jsp
http://www.rapid7.com/resources/forrester-wave.jsp
               

Attachments

    Outcomes