Nexpose release announcements - January 2013

Document created by kelly_shortt Employee on Feb 4, 2013. Last modified by kelly_shortt Employee on Feb 5, 2013.
Version 2

To help you protect your environment against ever-evolving security threats, Rapid7 releases coverage updates on a weekly basis. This page contains detailed announcements for the January 2013 Nexpose coverage releases.

 

For information on previous coverage releases, go to Nexpose Release Notes (archive).

For information on the most recent full-feature release, go to that Nexpose release announcement.

For details about restarting Nexpose after updating and other update information, see Nexpose release FAQ.

 


This Rapid7® Nexpose® 5.5.8 release contains the following updates:

  • new and updated checks
  • new fingerprinting
  • performance improvements

 

These release notes document what's new in this Nexpose release. Your Nexpose installation will automatically download and install content updates. If you have enabled Nexpose to install product updates, it will do so as well. For information about restarting Nexpose after updating, see the Nexpose release announcement FAQ.

 

New fingerprinting | product

 

New fingerprints help you track assets and vulnerabilities in your environment:

 

  • Debian GNU/Linux
  • Microsoft Enhanced Mitigation Experience Toolkit (EMET) 
  • Universal Plug and Play (UPnP) 
  • VideoLAN VLC 

 

Performance improvements | product

 

The following performance improvements help you to run your vulnerability management program more efficiently:

 

  • Filtered asset searches return results more efficiently, allowing you to create dynamic asset groups more quickly.
  • Reports using the SCAP Compatible XML Export format now generate faster.

 

New and updated checks | content

The following new vulnerability checks improve and expand security coverage.

  • Debian GNU/Linux
  • VideoLAN VLC

 

Weekly vulnerability check update | content

 

New vulnerability and patch checks bring coverage up to date for the following operating systems and applications:

  • Adobe
    • AIR
    • Flash
    • Reader
    • Shockwave
  • Apache
    • HTTP
    • Tomcat
  • Apple
    • iTunes
    • Java
    • OS X
    • QuickTime
    • Safari
  • Atlassian JIRA
  • BIND
  • CentOS
  • Cisco devices
  • Debian GNU/Linux
  • Google Chrome
  • IBM AIX
  • Mozilla
    • Firefox
    • SeaMonkey
    • Thunderbird
  • OpenSSH
  • OpenSSL
  • Oracle
    • Database
    • Java Runtime Environment
    • Linux
    • MySQL
    • Solaris
  • PHP
  • Red Hat Enterprise Linux
  • VideoLAN VLC
  • VMware
    • ESX
    • ESXi

 

These checks help you determine where new risks are located in your environment, allowing you to prioritize what needs to be remediated and help minimize risk.

 

Product Update IDs

 

  • Linux 32 | Update ID: 2009070765
  • Linux 64 | Update ID: 649102301
  • Windows 32 | Update ID: 681243258
  • Windows 64 | Update ID: 2555025376

 

Content update ID

 

  • Update ID: 3989834136

 

Installers

  Released on January 30, 2013 (see the FAQ).

 

md5sum files

Download the appropriate md5sum file to ensure that the installer was not corrupted during download:

 


This Rapid7® Nexpose® 5.5.7 release contains the following updates:

  • new and updated checks
  • fingerprinting improvements

 

These release notes document what's new in this Nexpose release. Your Nexpose installation will automatically download and install content updates. If you have enabled Nexpose to install product updates, it will do so as well. For information about restarting Nexpose after updating, see the Nexpose release announcement FAQ.

 

Weekly vulnerability check update | content

 

New vulnerability and patch checks bring coverage up to date for the following operating systems and applications:

 

  • Adobe
    • AIR
    • Flash
    • Reader
    • Shockwave
  • Apache
    • HTTP
    • Tomcat
  • Apple
    • iTunes
    • Java
    • OS X
    • QuickTime
    • Safari
  • Atlassian JIRA
  • BIND
  • CentOS
  • Cisco devices
  • Google Chrome
  • IBM AIX
  • Mozilla
    • Firefox
    • SeaMonkey
    • Thunderbird
  • OpenSSH
  • OpenSSL
  • Oracle
    • Database
    • Java Runtime Environment
    • Linux
    • MySQL
    • Solaris
  • PHP
  • Red Hat Enterprise Linux
  • VMware
    • ESX
    • ESXi

 

These checks help you determine where new risks are located in your environment, allowing you to prioritize what needs to be remediated and help minimize risk.

 

Fingerprinting improvement | product

 

Proper fingerprinting of VMware ESX and ESXi assets during unauthenticated scans helps you track assets better, provides a more comprehensive software inventory, and presents more accurate information on vulnerabilities.

 

Product Update IDs

  • Linux 32 | Update ID: 2759977750
  • Linux 64 | Update ID: 4214503199
  • Windows 32 | Update ID: 65797998
  • Windows 64 | Update ID: 3234922333

 

Content update ID

  • Update ID: 1069529076

 

Installers

  Released on January 23, 2013 (see the FAQ).         

 

     

md5sum files

Download the appropriate md5sum file to ensure that the installer was not corrupted during download:       

 


This Rapid7® Nexpose® 5.5.6 release contains the following updates:

  • new and updated checks
  • accuracy improvements
  • performance improvements

 

Microsoft out-of-band security bulletin checks | content

New vulnerability checks provide up-to-date Microsoft Patch Tuesday scan coverage for January 2013. For information about all current security bulletins covered in this release, see the Microsoft Security Bulletin Summary for January 2013. Use the checks in this update to verify that the latest Microsoft patches have been applied to system assets.

 

Weekly vulnerability check update | content

New vulnerability and patch checks bring coverage up to date for the following operating systems and applications:

  • Adobe
    • AIR
    • Flash
    • Reader
    • Shockwave
  • Apache
    • HTTP
    • Tomcat
  • Apple
    • iTunes
    • Java
    • OS X
    • QuickTime
    • Safari
  • Atlassian JIRA
  • BIND
  • CentOS
  • Cisco devices
  • Google Chrome
  • IBM AIX
  • Mozilla
    • Firefox
    • SeaMonkey
    • Thunderbird
  • OpenSSH
  • OpenSSL
  • Oracle
    • Database
    • Java Runtime Environment
    • Linux
    • MySQL
    • Solaris
  • PHP
  • Red Hat Enterprise Linux
  • VMware
    • ESX
    • ESXi

 

These checks help you determine where new risks are located in your environment, allowing you to prioritize what needs to be remediated and help minimize risk.

 

Accuracy improvement | product

Inconsistencies have been eliminated in the reading of registry values over Windows Management Instrumentation (WMI) in certain situations. This results in more accurate vulnerability check results.

 

Performance improvement | product

Caching of registry data from Windows targets has been optimized to make memory use more efficient.

 

Product Update IDs

 

  • Linux 32 | Update ID: 4153691361
  • Linux 64 | Update ID: 1085730021
  • Windows 32 | Update ID: 250004778
  • Windows 64 | Update ID: 732824106

 

Content update ID

 

  • Update ID: 1261498735

 

Installers

Released on January 02, 2013 (see the FAQ).

 

md5sum files

Download the appropriate md5sum file to ensure that the installer was not corrupted during download:

 


 

January 2013 Patch Tuesday checks | content

 

New vulnerability checks provide up-to-date Microsoft Patch Tuesday scan coverage for January 2013. For information about all current security bulletins covered in this release, see the Microsoft Security Bulletin Summary for January 2013. Use the checks in this update to verify that the latest Microsoft patches have been applied to system assets.

 

Fingerprinting improvement | product

 

New fingerprinting for Microsoft Systems Center Organization Manager helps you track assets better.

 

Weekly vulnerability check update | content

 

New vulnerability and patch checks bring coverage up to date for the following operating systems and applications:

 

  • Adobe
    • AIR
    • Flash
    • Reader
    • Shockwave
  • Apache
    • HTTP
    • Tomcat
  • Apple
    • iTunes
    • Java
    • OS X
    • QuickTime
    • Safari
  • Atlassian JIRA
  • BIND
  • CentOS
  • Cisco devices
  • Google Chrome
  • IBM AIX
  • Mozilla
    • Firefox
    • SeaMonkey
    • Thunderbird
  • OpenSSH
  • OpenSSL
  • Oracle
    • Database
    • Java Runtime Environment
    • Linux
    • MySQL
    • Solaris
  • PHP
  • Red Hat Enterprise Linux
  • VMware
    • ESX
    • ESXi

 

These checks help you determine where new risks are located in your environment, allowing you to prioritize what needs to be remediated and help minimize risk.

 

Product Update IDs

 

  • Linux 32 | Update ID: 1847590807
  • Linux 64 | Update ID: 427526388
  • Windows 32 | Update ID: 1861557949
  • Windows 64 | Update ID: 1734318207

 

Content update ID

  • Update ID: 705960120

 

Installers

 

Released on January 02, 2013 (see the FAQ).

 

md5sum files

Download the appropriate md5sum file to ensure that the installer was not corrupted during download:

 


 

This Rapid7® Nexpose® 5.5.4 release contains the following updates:

  • security improvements
  • fingerprinting improvement
  • new and updated checks

 

These release notes document what's new in this Nexpose release. Your Nexpose installation will automatically download and install content updates. If you have enabled Nexpose to install product updates, it will do so as well. For information about restarting Nexpose after updating, see the Nexpose release announcement FAQ.

 

Security improvements | product

 

This release includes two security improvements:

 

  • An issue that made the Security Console vulnerable to cross-site request forgery (CSRF) attacks has been corrected.
  • The auth.log file no longer includes the registered session ID for each Security Console logon.

 

We would like to thank Robert Gilbert for bringing these issues to our attention and helping us deliver a secure product.

 

Fingerprinting improvement | content

 

NetApp Data ONTAP systems are now properly fingerprinted so that you can track assets running these systems in your environment.

 

Weekly vulnerability check update | content

 

New vulnerability and patch checks bring coverage up to date for the following operating systems and applications:

 

  • Adobe
    • AIR
    • Flash
    • Reader
    • Shockwave
  • Apache
    • HTTP
    • Tomcat
  • Apple
    • iTunes
    • Java
    • OS X
    • QuickTime
    • Safari
  • Atlassian JIRA
  • BIND
  • CentOS
  • Cisco devices
  • Google Chrome
  • IBM AIX
  • Mozilla
    • Firefox
    • SeaMonkey
    • Thunderbird
  • OpenSSH
  • OpenSSL
  • Oracle
    • Database
    • Java Runtime Environment
    • Linux
    • MySQL
    • Solaris
  • PHP
  • Red Hat Enterprise Linux
  • VMware
    • ESX
    • ESXi

 

These checks help you determine where new risks are located in your environment, allowing you to prioritize what needs to be remediated and help minimize risk.

 

Product Update IDs

 

  • Linux 32 | Update ID: 1204795165
  • Linux 64 | Update ID: 861458772
  • Windows 32 | Update ID: 614731246
  • Windows 64 | Update ID: 704950271

 

Content update ID

 

  • Update ID: 2691686565

 

Installers

 

Released on January 02, 2013 (see the FAQ).

 

md5sum files

 

Download the appropriate md5sum file to ensure that the installer was not corrupted during download:
