Nexpose release announcements - October-December 2012

Document created by kelly_shortt Employee on Feb 5, 2013

Rapid7 October - December 2012 release announcements

 

To help you protect your environment against ever-evolving security threats, Rapid7 releases coverage updates on a bi-monthly basis in 2012. This page contains detailed announcements for the October, November and December 2012 Nexpose releases:

 

For information on previous coverage releases, go to Nexpose Community Release Notes.

For information on the most recent full-feature release, go to that Nexpose release announcement.

For details about restarting Nexpose after updating and other update information, see Nexpose release FAQ.

 


This Rapid7® Nexpose® 5.5.4 release contains the following update:

  • updated checks
  • fingerprinting improvement

 

These release notes document what's new in this Nexpose release. Your Nexpose installation will automatically download and install content updates. If you have enabled Nexpose to install product updates, it will do so as well. For information about restarting Nexpose after updating, see the Nexpose release announcement FAQ.

 

Updated checks | content

False positives on Windows hosts running Vista SP2, Server 2003R2 SP2, and Server 2008 SP2, as reported in Microsoft Security Bulletin MS12-078, have been corrected to ensure better tracking of security assets.

 

Fingerprinting improvement | content

Fingerprinting of VxWorks devices using the Network Time Protocol (NTP) has been improved to help you track assets better, provide a more comprehensive software inventory, and present more accurate information on vulnerabilities.

 

Content update ID

  • Update ID: 3569496784

 

Installers

Released on December 19, 2012 (see the FAQ).

 

md5sum files

Download the appropriate md5sum file to ensure that the installer was not corrupted during download:



This Rapid7® Nexpose® 5.5.3 release contains the following updates:

  • workflow correction
  • new and updated vulnerability checks

 

Workflow correction | product

The ability to restore a database backup from Nexpose version 5.3 to version 5.5 and later now functions properly. This correction ensures that you can log on and edit sites after restoring a database.

 

Weekly vulnerability check update | content

New vulnerability and patch checks bring coverage up to date for the following operating systems and applications:

 

  • Adobe
    • AIR
    • Flash
    • Reader
    • Shockwave
  • Apache
    • HTTP
    • Tomcat
  • Apple
    • iTunes
    • Java
    • OS X
    • QuickTime
    • Safari
  • Atlassian JIRA
  • BIND
  • CentOS
  • Cisco devices
  • Google Chrome
  • IBM AIX
  • Mozilla
    • Firefox
    • SeaMonkey
    • Thunderbird
  • OpenSSH
  • OpenSSL
  • Oracle
    • Database
    • Java Runtime Environment
    • Linux
    • MySQL
    • Solaris
  • PHP
  • Red Hat Enterprise Linux
  • VMware
    • ESX
    • ESXi

 

These checks help you determine where new risks are located in your environment, allowing you to prioritize what needs to be remediated to help minimize risk.

 

Product Update IDs

  • Linux 32 | Update ID: 53318383
  • Linux 64 | Update ID: 1430494604
  • Windows 32 | Update ID: 1065155457
  • Windows 64 | Update ID: 4212679876

 

Installers

Released on December 19, 2012 (see the FAQ).   

 

md5sum files

Download the appropriate md5sum file to ensure that the installer was not corrupted during download: 

 



This Rapid7® Nexpose® 5.5.1 release corrects an issue with vulnerability correlation.

These release notes document what's new in this Nexpose release. Your Nexpose installation will automatically download and install content updates. If you have enabled Nexpose to install product updates, it will do so as well. For more information about updates, see the release announcements FAQ page.

 

Vulnerability check correlation | product

A fix addresses an issue that prevents vulnerability check correlation from working reliably in version 5.5.0.

 

Product Update IDs

  • Linux 32 | Update ID: 466886936
  • Linux 64 | Update ID: 2894615396
  • Windows 32 | Update ID: 2819782401
  • Windows 64 | Update ID: 1449034054

 

Installers

  Released on December 10, 2012.

 

md5sum files

Download the appropriate md5sum file to ensure that the installer was not corrupted during download:

 


This Rapid7® Nexpose® 5.5.1 release contains the following updates:

  • coverage for Patch Tuesday checks
  • new and updated vulnerability checks
  • coverage improvements

 

December 2012 Patch Tuesday checks | content

New vulnerability checks provide up-to-date Microsoft Patch Tuesday scan coverage for December 2012. For information about all current security bulletins covered in this release, see the Microsoft Security Bulletin Summary for December 2012. Use the checks in this update to verify that the latest Microsoft patches have been applied to system assets.

 

Coverage improvements | content

New and improved vulnerability checks provide better security coverage.

  • Coverage has been added for OpenSSH.
  • Coverage has been improved for the vulnerabilities announced in certain Microsoft Security Bulletins.

 

Weekly vulnerability check update | content

New vulnerability and patch checks bring coverage up to date for the following operating systems and applications:

 

  • Adobe
    • AIR
    • Flash
    • Reader
    • Shockwave
  • Apache
    • HTTP
    • Tomcat
  • Apple
    • iTunes
    • Java
    • OS X
    • QuickTime
    • Safari
  • Atlassian JIRA
  • BIND
  • CentOS
  • Cisco devices
  • Google Chrome
  • IBM AIX
  • Mozilla
    • Firefox
    • SeaMonkey
    • Thunderbird
  • OpenSSL
  • Oracle
    • Database
    • Java Runtime Environment
    • Linux
    • MySQL
    • Solaris
  • PHP
  • Red Hat Enterprise Linux
  • VMware
    • ESX
    • ESXi

 

These checks help you determine where new risks are located in your environment, allowing you to prioritize what needs to be remediated to help minimize risk.

 

Content update ID

  • Update ID: 2916105441

 

Installers

Released on December 10, 2012 (see the FAQ).

 

md5sum files

Download the appropriate md5sum file to ensure that the installer was not corrupted during download:



This Rapid7® Nexpose® 5.4.12 release contains the following updates:

  • new and updated vulnerability checks
  • coverage improvements
  • fingerprinting improvements

 

Fingerprinting improvement | product

Fingerprinting of assets that use Border Gateway Protocol (BGP) no longer causes scans to hang. This will help you track assets better, provide a more comprehensive software inventory, and present more accurate information on vulnerabilities.

 

Weekly vulnerability check update | content

New vulnerability and patch checks bring coverage up to date for the following operating systems and applications:

 

  • Adobe
    • AIR
    • Flash
    • Reader
    • Shockwave
  • Apache
    • HTTP
    • Tomcat
  • Apple
    • iTunes
    • Java
    • OS X
    • QuickTime
    • Safari
  • Atlassian JIRA
  • BIND
  • CentOS
  • Cisco devices
  • Google Chrome
  • IBM AIX
  • Mozilla
    • Firefox
    • SeaMonkey
    • Thunderbird
  • OpenSSL
  • Oracle
    • Database
    • Java Runtime Environment
    • Linux
    • MySQL
    • Solaris
  • PHP
  • Red Hat Enterprise Linux
  • VMware
    • ESX
    • ESXi

 

These checks help you determine where new risks are located in your environment, allowing you to prioritize what needs to be remediated to help minimize risk.

 

Product Update IDs

  • Linux 32 | Update ID: 830119004
  • Linux 64 | Update ID: 3620753804
  • Windows 32 | Update ID: 3982852952
  • Windows 64 | Update ID: 3113526877

 

Content update ID

  • Update ID: 1860404786

 

Installers

  Released on November 28, 2012 (see the FAQ).

 

md5sum files

Download the appropriate md5sum file to ensure that the installer was not corrupted during download:



This Rapid7® Nexpose® 5.4.11 release contains the following updates:

  • new and updated vulnerability checks

 

These release notes document what's new in this Nexpose release. Your Nexpose installation will automatically download and install content updates. If you have enabled Nexpose to install product updates, it will do so as well. For information about restarting Nexpose after updating, see the FAQ.

 

Weekly vulnerability check update | content

New vulnerability and patch checks bring coverage up to date for the following operating systems and applications:

 

  • Adobe
    • AIR
    • Flash
    • Reader
    • Shockwave
  • Apache
    • HTTP
    • Tomcat
  • Apple
    • iTunes
    • Java
    • OS X
    • QuickTime
    • Safari
  • Atlassian JIRA
  • BIND
  • CentOS
  • Cisco devices
  • Google Chrome
  • IBM AIX
  • Mozilla
    • Firefox
    • SeaMonkey
    • Thunderbird
  • OpenSSL
  • Oracle
    • Database
    • Java Runtime Environment
    • Linux
    • MySQL
    • Solaris
  • PHP
  • Red Hat Enterprise Linux
  • VMware
    • ESX
    • ESXi

 

These checks help you determine where new risks are located in your environment, allowing you to prioritize what needs to be remediated to help minimize risk.

 

Product Update IDs

  • Linux 32 | Update ID: 4105181631
  • Linux 64 | Update ID: 1446102015
  • Windows 32 | Update ID: 1452835737
  • Windows 64 | Update ID: 3940403074

 

Content update ID

  • Update ID: 1248005005

 

Installers

  Released on October 31, 2012 (see the sixth FAQ).

 

md5sum files

Download the appropriate md5sum file to ensure that the installer was not corrupted during download:



This Rapid7® Nexpose® 5.4.10 release contains the following updates:

 

These release notes document what's new in this Nexpose release. Your Nexpose installation will automatically download and install content updates. If you have enabled Nexpose to install product updates, it will do so as well. For information about restarting Nexpose after updating, see the third FAQ.

 

November 2012 Patch Tuesday checks | content

New vulnerability checks provide up-to-date Microsoft Patch Tuesday scan coverage for November 2012. For information about all current security bulletins covered in this release, see the Microsoft Security Bulletin Summary for November 2012. Use the checks in this update to verify that the latest Microsoft patches have been applied to system assets.

 

Fingerprinting improvement | content

The accuracy of fingerprinting the poppassd (password change service) on Apple OS X has been improved, resulting in more accurate operating system and service fingerprints for assets running this service. This improvement will help you track assets better, provide a more comprehensive software inventory, and present more accurate information on vulnerabilities.

 

Accuracy improvement | content

Several false positives in checks for the Apache Web server running on Debian 6.0.6 have been corrected to help you prioritize your remediation efforts more effectively. You must enable correlation in the vulnerability checks section of your scan template for this improvement to take effect.

 

Bi-monthly vulnerability check update | content

New vulnerability and patch checks bring coverage up to date for the following operating systems and applications:

  • Adobe
    • AIR
    • Flash
    • Reader
    • Shockwave
  • Apache
    • HTTP
    • Tomcat
  • Apple
    • iTunes
    • Java
    • OS X
    • QuickTime
    • Safari
  • Atlassian JIRA
  • BIND
  • CentOS
  • Cisco devices
  • Google Chrome
  • IBM AIX
  • Mozilla
    • Firefox
    • SeaMonkey
    • Thunderbird
  • OpenSSL
  • Oracle
    • Database
    • Java Runtime Environment
    • Linux
    • MySQL
    • Solaris
  • PHP
  • Red Hat Enterprise Linux
  • VMware
    • ESX
    • ESXi

 

These checks help prevent security breaches that could allow hostile parties to take control of affected systems, gain access to confidential data, disrupt business operations, or cause other problems.

 

Fingerprinting improvement | product

Fingerprinting accuracy of the running kernel on Linux systems has been improved to help you track assets better, provide a more comprehensive software inventory, and present more accurate information on vulnerabilities.

 

Coverage improvement | product

Expired TLS/SSL certificates are now properly reported to improve your security coverage.

 

Product Update IDs

  • Linux 32 | Update ID: 2164528842
  • Linux 64 | Update ID: 3640161843
  • Windows 32 | Update ID: 1371464493
  • Windows 64 | Update ID: 1906432894

 

Content update ID

  • Update ID: 1549796715

 

Installers

  Released on October 31, 2012 (see the sixth FAQ).

 

md5sum files

Download the appropriate md5sum file to ensure that the installer was not corrupted during download:



This Rapid7® Nexpose® 5.4.9 release contains the following updates:

 

These release notes document what's new in this Nexpose release. Your Nexpose installation will automatically download and install content updates. If you have enabled Nexpose to install product updates, it will do so as well.

 

Coverage improvement | product

Coverage improvements provide better security coverage.

  • Windows policy checks now run properly to provide better security coverage.
  • False positives in a vulnerability check for single user mode on Linux systems have been resolved for Red Hat Linux 6 and later, as well as for Red Hat Linux variants.

 

Fingerprinting improvement | product

Fingerprinting improvements help you track assets better, provide a more comprehensive software inventory, and present more accurate information on vulnerabilities.

  • Adobe Reader versions 4 and higher are now properly fingerprinted.
  • Microsoft Windows Server 2012 and variants are now fingerprinted correctly.
  • Microsoft SQL Server 2012 is now fingerprinted correctly when detected with the TDS protocol.

 

Coverage improvement | content

False positives for recent Microsoft Internet Explorer vulnerability checks when running on Windows Vista, 7, and 2008 have been resolved to provide better security coverage.

 

Fingerprinting improvement | content

Fingerprinting of various assets, including printers and other embedded devices, has been improved over SNMP, FTP, PJL, and more to help you track assets better, provide a more comprehensive software inventory, and present more accurate information on vulnerabilities.

 

Scanning improvement | content

Authenticated scanning coverage for Microsoft SQL Server has been improved to provide more accurate vulnerability results. This improvement requires the most recent product update.

 

Bi-monthly vulnerability check update | content

New vulnerability and patch checks bring coverage up to date for the following operating systems and applications:

 

  • Adobe
    • AIR
    • Flash
    • Reader
    • Shockwave
  • Apache
    • HTTP
    • Tomcat
  • Apple
    • iTunes
    • Java
    • OS X
    • QuickTime
    • Safari
  • Atlassian JIRA
  • BIND
  • CentOS
  • Cisco devices
  • Google Chrome
  • IBM AIX
  • Mozilla
    • Firefox
    • SeaMonkey
    • Thunderbird
  • OpenSSL
  • Oracle
    • Database
    • Java Runtime Environment
    • Linux
    • MySQL
    • Solaris
  • PHP
  • Red Hat Enterprise Linux
  • VMware
    • ESX
    • ESXi

 

These checks help prevent security breaches that could allow hostile parties to take control of affected systems, gain access to confidential data, disrupt business operations, or cause other problems.

 

Product Update IDs

  • Linux 32 | Update ID: 1510652876
  • Linux 64 | Update ID: 1505067050
  • Windows 32 | Update ID: 1841642167
  • Windows 64 | Update ID: 711582500

 

Content update ID

  • Update ID: 4133450026

 

Installers

Released on October 31, 2012 (see the sixth FAQ).

 

md5sum files

Download the appropriate md5sum file to ensure that the installer was not corrupted during download:



This Rapid7® Nexpose® 5.4.8 release contains an improvement to scanning.

These release notes document what's new in this Nexpose release. Your Nexpose installation will automatically download and install content updates. If you have enabled Nexpose to install product updates, it will do so as well.

 

Scanning improvement | product

Scanning performance is improved on Windows assets.

 

Product Update IDs

  • Linux 32 | Update ID: 2300393612
  • Linux 64 | Update ID: 3531440546
  • Windows 32 | Update ID: 2611270393
  • Windows 64 | Update ID: 193869663

 

Installers

Released on September 26, 2012 (see the sixth FAQ).

 

md5sum files

Download the appropriate md5sum file to ensure that the installer was not corrupted during download:



This Rapid7® Nexpose® 5.4.7 release contains the following update:

 

These release notes document what's new in this Nexpose release. Your Nexpose installation will automatically download and install content updates. If you have enabled Nexpose to install product updates, it will do so as well.

 

October 2012 Patch Tuesday checks | content

New vulnerability checks provide up-to-date Microsoft Patch Tuesday scan coverage for October 2012. For information about all current security bulletins covered in this release, see the Microsoft Security Bulletin Summary for October 2012. Use the checks in this update to verify that the latest Microsoft patches have been applied to system assets.

 

Web spider improvement | content

Reported OWASP vulnerabilities now include links to their corresponding OWASP-2010 risk page entries to provide additional information you need to remediate vulnerabilities.

 

Bi-monthly vulnerability check update | content

New vulnerability and patch checks bring coverage up to date for the following operating systems and applications:

  • Adobe
    • AIR
    • Flash
    • Reader
    • Shockwave
  • Apache
    • HTTP
    • Tomcat
  • Apple
    • iTunes
    • Java
    • OS X
    • QuickTime
    • Safari
  • Atlassian JIRA
  • BIND
  • CentOS
  • Cisco devices
  • Google Chrome
  • IBM AIX
  • Mozilla
    • Firefox
    • SeaMonkey
    • Thunderbird
  • OpenSSL
  • Oracle
    • Database
    • Java Runtime Environment
    • Linux
    • MySQL
    • Solaris
  • PHP
  • Red Hat Enterprise Linux
  • VMware
    • ESX
    • ESXi

These checks help prevent security breaches that could allow hostile parties to take control of affected systems, gain access to confidential data, disrupt business operations, or cause other problems.

 

Fingerprinting improvement | product

Fingerprinting for Microsoft FAST Search Server for SharePoint has been added to help you track assets better, provide a more comprehensive software inventory, and present more accurate information on vulnerabilities.

 

Product Update IDs

  • Linux 32 | Update ID: 800268943
  • Linux 64 | Update ID: 2435196385
  • Windows 32 | Update ID: 1142499291
  • Windows 64 | Update ID: 3577164994

 

Content update ID

  • Update ID: 4203245677

 

Installers

  Released on September 26, 2012 (see the sixth FAQ).

 

md5sum files

Download the appropriate md5sum file to ensure that the installer was not corrupted during download:

 
