Nexpose  release announcements - April-June 2012

Document created by kelly_shortt Employee on Feb 7, 2013
Version 1Show Document
  • View in full screen mode

Rapid7April-June 2012
                  Release announcements

 

 

To help you protect your environment against ever-evolving security threats Rapid7 releases coverage updates on a bi-monthly basis in 2012. This page contains detailed announcements for the April, May and June 2012 Nexpose releases:

 

 

For information on previous coverage releases go to Nexpose Community Release Notes.

For information on the most recent full-feature release go to that Nexpose release announcement.

For details about restarting Nexpose after updating and other update information, see Nexpose release FAQ.

 


This Rapid7® Nexpose® 5.3.4 release contains the following updates:          

                      

These release notes document what's new in this Nexpose release. Your Nexpose installation will automatically download and install content updates. If you have enabled Nexpose to install product updates, it will do so as well. For information about restarting Nexpose after updating, see the third FAQ.

 

Accuracy improvements | product        

 

Accuracy improvements help you prioritize remediation efforts more effectively.

                                  

Bi-monthly vulnerability check update | content        

        

New vulnerability and patch checks bring coverage up to date for the following operating systems and applications:

         

  • Adobe
    • AIR
    • Flash
    • Reader
    • Shockwave
  • Apache
  • Apple
    • iTunes
    • Java
    • OS X
    • QuickTime
    • Safari
  • BIND
  • CentOS
  • Cisco devices
  • IBM AIX
  • Java Runtime Environment
  • Mozilla
    • Firefox
    • SeaMonkey
    • Thunderbird
  • OpenSSL
  • Oracle Linux
  • PHP
  • Red Hat Enterprise Linux
  • Solaris
  • VMware

        

These checks help prevent security breaches that could allow hostile parties to take control of affected systems, gain access to confidential data, disrupt business operations, or cause other problems.

          

Product Update IDs

 

  • Linux 32  | Update ID: 4064930936
  • Linux 64  | Update ID: 342264926 
  • Windows 32 | Update ID: 3240388417
  • Windows 64 | Update ID: 347036102

        

Content update ID
        

  • Update ID: 3386313837
  •         

          

Installers
      

   Released on June 19, 2012 (see the sixth FAQ).           

        

md5sum files
        

Download the appropriate md5sum file to ensure that the installer was not corrupted during download:         

 

<go to top>


This Rapid7® Nexpose® 5.3.3 release includes scanning improvements.

                                    

These release notes document what's new in this Nexpose release. Your Nexpose installation will automatically download and install content updates. If you have enabled Nexpose to install product updates, it will do so as well. For information about restarting Nexpose after updating, see the third FAQ.

                                  

Scanning improvements | product

The following improvements address scanning issues that occurred under certain circumstances:

  • Paused scans resume properly for target assets that are identified by host names.
  • An intermittent issue that could cause scans to terminate unexpectedly has been corrected.
                                   

Product update IDs

  • Linux 32 | Update ID: 1784591065
  • Linux 64 | Update ID: 2379537481 
  • Windows 32 | Update ID: 3843338681
  • Windows 64 | Update ID: 112101731
          

Installers
        

Released on June 19, 2012 (see the sixth FAQ).                     

md5sum files      

Download the appropriate md5sum file to ensure that the installer was not corrupted during download:           

 

<go to top>


This Rapid7® Nexpose® 5.3.2 release contains the following updates:         

You can read detailed information about this release and find current content and product update IDs in the most recent Nexpose release announcement in the Rapid7 Community.

              

These release notes document what's new in this Nexpose release. Your Nexpose installation will automatically download and install content updates. If you have enabled Nexpose to install product updates, it will do so as well. For information about restarting Nexpose after updating, see the third FAQ.

      

Fingerprinting improvement | product

 

Fingerprinting for Microsoft Visual Basic for Applications (Core) and Visual Basic for Applications software development kit (SDK) has been added to help you track assets better, provide a more comprehensive software inventory, and present more accurate information on vulnerabilities.

                                      

Vulnerability checks for June 2012 Patch Tuesday exposures | content

  New  vulnerability checks provide up-to-date Microsoft Patch Tuesday scan coverage for June 2012. For information about all current security bulletins covered in this release, see the Microsoft Security Bulletin Summary for June 2012. Use the checks in this content update to verify that the latest Microsoft patches have been applied to system assets.

                        

Bi-monthly vulnerability check update | content       

       

New vulnerability and patch checks bring coverage up to date for the following operating systems and applications:

        
  • Adobe
    • AIR
    • Flash
    • Reader
    • Shockwave
  • Apache
  • Apple
    • iTunes
    • Java
    • OS X
    • QuickTime
    • Safari
  • BIND
  • CentOS
  • Cisco devices
  • IBM AIX
  • Java Runtime Environment
  • Mozilla
    • Firefox
    • SeaMonkey
    • Thunderbird
  • OpenSSL
  • Oracle Linux
  • PHP
  • Red Hat Enterprise Linux
  • Solaris
  • VMware
       

These checks help prevent security breaches that could allow hostile parties to take control of affected systems, gain access to confidential data, disrupt business operations, or cause other problems.

                  

Product Update IDs
         

  • Linux 32 | Update ID: 3585456883
  • Linux 64 | Update ID: 2067486210
  • Windows 32 |Update ID: 1056884030
  • Windows 64| Update ID: 2630771758
            

Content update ID

 
  • Update ID: 1359569370

 

<go to top>


This Rapid7® Nexpose® 5.3.1 release corrects  issues related to reporting and data export.
                 
These release notes document what's new in this Nexpose release. Your Nexpose installation will automatically download and install content updates. If you have enabled Nexpose to install product updates, it will do so as well. See the fourth FAQ.

 

 

Reporting and data-related improvements | product

This release corrects several issues to improve reporting and database export operations:

  • an issue that prevented some users with roles other than Global Administrator from generating reports
  • an issue that prevented the data export feature from working properly
  • an issue that prevented the data warehouse export feature from supporting all IP address values


Product update IDs   

  •   Linux 32                   | Update ID: 2460004289
  •   Linux 64                   | Update ID: 563392066
  •   Windows 32              | Update ID: 3348755521
  •   Windows 64              | Update ID: 2681233671
       

Installers

Released on June 7, 2012 (see sixth FAQ).               

md5sum files

Download the appropriate md5sum file to ensure that the installer was not corrupted during download:        

 

<go to top>


 

This Rapid7® Nexpose® 5.3  release includes new features and improvements for credentials, reporting, scan discovery, coverage, usability, and administration.
                 
These release notes document what's new in this Nexpose release. Your Nexpose installation will automatically download and install content updates. If you have enabled Nexpose to install product updates, it will do so as well. See the third FAQ.

 

Thanks for choosing Nexpose!

In  release 5.3, Rapid7 continues our commitment to delivering a great product to  you. This release includes shared credential management, CyberScope reports,  and numerous other enhancements and fixes that we are excited to deliver. In  terms of coverage, we released checks for more than 1,700 vulnerabilities since  the 5.2 release. Please, keep the feedback coming!
 
Sincerely,

Eric Reiners
Director of Engineering, Rapid7


Remember to clear your browser cache after applying this  update!


If your maintenance routine includes making backups, create a  new one after upgrading to this release in order to ensure that you have the  latest configuration and data captured.


Credential management | product

 

Shared credentials simplify scan authentication configuration

You can now create and manage scan credentials that can be used in multiple sites. This is useful if you need to perform authenticated scans on multiple assets that require the same credentials. For example, your organization's security policy may require a set of credentials to change every 90 days. You can edit that set in one place and apply the changes to every site where those credentials are used. This eliminates the need to change the credentials in every site, one-by-one.

credential management

 

Reporting | product

      

CyberScope format simplifies reporting for federal agencies

With the new CyberScope XML Export format, federal agencies can now quickly and easily fulfill their requirement to submit monthly FISMA security reports to the U.S. Office of Management and Budget (OMB).

Configuring a CyberScope report is simple. When creating a report in the Web interface, select the CyberScope format. Enter the Component, Bureau, and Enclave, according to guidelines specified in the CyberScope Automated Data Feeds Submission Manual published by the OMB. For more information on the supported CyberScope version, go to http://scap.nist.gov/use-case/cyberscope/.

CyberScope        

NOTE: The  CyberScope format is only available with Nexpose Federal Edition and a license  that enables FDCC or USGCB scanning.  To discuss pricing and upgrade options, please contact Rapid7.

 

Administration and general usability | product

Scan template configuration features improved discovery performance settings

Scan templates feature a dedicated discovery performance page and improved discovery performance tuning. When configuring a scan template, you can use convenient, new slider controls to adjust discovery settings. During the discovery phase of scans, performance is adjusted for better accuracy based on environment conditions and scan template configuration.

discovery

 

Update process is improved

The update process has been improved in the following ways:

  • Enhanced logging for update-related events provides better monitoring and diagnostics.
  • The update process handles issues such as power outages and insufficient disk space more gracefully.
  • Failed updates no longer result in lost access to the application. You can continue to perform normal operations.

 

Other usability and maintenance improvements

  • CSV exports no longer fail when MAC addresses are incorrectly formatted.
  • A defect that prevented reports from being edited in Internet Explorer 7 has been corrected.
  • The Manage Engines page now provides more responsive feedback on Scan Engine status.
  • An issue that prevented the editing of some site configurations has been corrected.
  • You can now view the scan history for sites that have been assigned to a Scan Engine pool.
  • The maximum file size for nsc.log has increased from 10MB to 100MB to capture more information for troubleshooting and tracking of system activity.

 

Scanning and coverage | product

Improvements to scanning and coverage provide better tracking of security issues

  • Scan Engines on all supported platforms can now handle changes to their network interfaces, such as their hosts suspending, hibernating, or changing their IP addresses.
  • New checks are available for the following security threats:
    • a vulnerability in Microsoft Remote Desktop, as reported in Microsoft Security Bulletin MS12-020
    • the SubSeven remote-administration trojan


Web scanning | content

Web scanner features better use of session credentials

The Web scanner's use of HTTP session credentials has been improved for better authentication on target Web applications.


System requirements | product

  • Mozilla has end-of-lifed Firefox 3.6 and has advised users that continuing use of Firefox 3.6 is no longer supported and poses a significant security risk. Therefore support is discontinued for both Firefox 3.5 and 3.6, effective immediately. Moving forward, the current Mozilla Extended Support Release (ESR) supported versions will be supported.
  • You can now run the application on VMware ESXi 5.0.


Environment file update | product

The NeXposeEnvironment.env has been modified as part of this release.


Documentation | product

A number of documentation improvements make it easier for you to find the information you need:

  • The API 1.1 and 1.2 guides have been consolidated into one document. The new guide explains in detail how the two API versions are different: They support different subsets of features and are validated differently. The guide also provides easier navigation, via PDF hyperlinks, to the calls that are included in each version. Additionally, headings for API 1.2 attributes and elements are presented in a "breadcrumb" format so that you can correlate these attributes and headings with their specific APIs for better context. As of this release, the individual API 1.1 and 1.2 guides are no longer available.
  • The Appliance guides for the Scan Engine and Security Console have been consolidated into one document, which explains the difference between the two components and how to determine which type of Appliance you have. As of this release, the individual Scan Engine and Security Console Appliance guides are no longer available.
  • The user's guide has been expanded to include content on vAsset discovery, scan template customization, and other operations that help you discover and assess your security environment. This additional content previously appeared in the administrator's guide, which has been edited to address operations that are specific to administration, such as deployment, user and role provisioning, maintenance, and troubleshooting.

All documents can be downloaded from the Support page in the Web interface.


Security content updates since 5.2

  • We have released checks for more than 1,700 vulnerabilities since the 5.2 release.
  • The list of bi-monthly vulnerability check updates includes: Adobe (AIR, Flash, Reader, Shockwave), Apache, Apple (iTunes, Java, OS X, QuickTime, Safari), Bind, CentOS, Cisco Devices, Google Chrome running on Linux, Microsoft Windows, Apple OS X, IBM AIX, Java Runtime Environment, Microsoft Silverlight for Apple OS X targets, Mozilla (Firefox, SeaMonkey, Thunderbird), OpenSSL, Oracle Linux, PHP, Red Hat Enterprise Linux, Solaris, and VMware.
  • Since  the 5.2 release, new or expanded vulnerability checks have been created for the  following programs:
    • Adobe AIR
    • Google Chrome running on Linux, Microsoft Windows, and Apple OS X
    • Microsoft Silverlight for Apple OS X targets
  • Other check improvements since 5.2 include the following:
    • A vulnerability check for improperly secured WebDAV servers now properly concludes.
    • The Symantec Endpoint Protection DAT version is now detected and reported in the software listing for all systems running SEP.
  • In total, Nexpose now performs more than 88,500 checks for more than 29,700 vulnerabilities.

Product update IDs

          
  •   Linux 32                  | Update ID: 3135666527
  •   Linux 64                  | Update ID: 110168100
  •   Windows 32              | Update ID: 2443132621
  •   Windows 64              | Update ID: 3814088658
        

Content update IDs

                    
  • Update ID: 664297268

Installers

  Released on June 6, 2012 .                 

md5sum files
          

Download the appropriate md5sum file to ensure that the installer was not corrupted during download:        

 

<go to top>


This Rapid7® Nexpose® 5.2.6 release contains the following updates:  

These release notes document what's new in this Nexpose release. Your Nexpose installation will automatically download and install content updates. If you have enabled Nexpose to install product updates, it will do so as well. For information about restarting Nexpose after updating, see the third FAQ.

         

Fingerprinting improvement | product
     

Fingerprinting improvements help you track assets better, provide a more comprehensive software inventory, and present more accurate information on vulnerabilities.

         
  • Microsoft Core Services XML (MSXML) current versions up to May 18, 2012, are now fingerprinted.
  • SMTP fingerprinting has been improved for abnormally slow SMTP servers.
  • Fingerprinting for Apache Tomcat versions 4 through 7 has been improved.
  • Fingerprinting for JIRA has been added.
           

Coverage improvement | product
     

Support for detecting CVE-2012-1182, a remote vulnerability in Samba, has been added to provide better security coverage.

                       

Fingerprinting improvement | content
       

Fingerprint data for additional Web servers has been added to help you track assets better, provide a more comprehensive software inventory, and present more accurate information on vulnerabilities.

           

Coverage improvement | content

New and improved vulnerability checks provide better security coverage.

         
  • Coverage for Atlassian JIRA has been added. This improvement requires the most recent product update.
  • Vulnerability checks for Apache Tomcat have been added.
           

Bi-monthly vulnerability check update | content

         

New vulnerability and patch checks bring coverage up to date for the following operating systems and applications:

           
  • Adobe
    • AIR
    • Flash
    • Reader
    • Shockwave
  • Apache
  • Apple
    • iTunes
    • Java
    • OS X
    • QuickTime
    • Safari
  • BIND
  • CentOS
  • Cisco devices
  • IBM AIX
  • Java Runtime Environment
  • Mozilla
    • Firefox
    • SeaMonkey
    • Thunderbird
  • OpenSSL
  • Oracle Linux
  • PHP
  • Red Hat Enterprise Linux
  • Solaris
  • VMware
         

These checks help prevent security breaches that could allow hostile parties to take control of affected systems, gain access to confidential data, disrupt business operations, or cause other problems.

                     

Product Update IDs
  

  • Linux 32 | Update ID: 2246781362
  • Linux 64 | Update ID: 82189301
  • Windows 32|Update ID: 2435129575
  • Windows 64| Update ID: 2868206612

Content update ID
           

  • Update ID: 2274850206
          

Installers
          

  Released on March 21, 2012 (see the sixth FAQ).                   

md5sum files
        

Download the appropriate md5sum file to ensure that the installer was not corrupted during download:        

 

<go to top>


This Rapid7® Nexpose® 5.2.5 release corrects a scanning issue.

You can read detailed information about this release and find current content and product update IDs in the most recent Nexpose release announcement in the Rapid7  Community.                

These release notes document what's new in this Nexpose release. Your Nexpose installation will automatically download and install product updates. For information about restarting Nexpose after updating, see the third FAQ.

            

Reminder: Update your installation with the version released May 16, 2012

    

After July 25, your installation will be ineligible to receive any content updates unless you have already updated to Nexpose 5.3. Over time, this will result in decreased accuracy and validity of your results and reporting. If you have automatic updates enabled, you will not be affected.

                            

Scanning correction | product

 

This product update resolves an issue where scans might fail if ‘Potential’ vulnerability checks are enabled.

                                        

Product Update IDs
            

  • Linux 32 | Update ID: 3350583203
  • Linux 64 | Update ID: 3372991981
  • Windows 32| Update ID: 937841174
  • Windows 64| Update ID: 830172380
        

Content update ID

                
  • Update ID: 1797999202
  •         
          

Installers
          

Released on March 21, 2012 (see the sixth FAQ).                   

md5sum files
        

Download the appropriate md5sum file to ensure that the installer was not corrupted during download:        

 

<go to top>


This Rapid7® Nexpose® 5.2.4 release contains the following updates:    

You can read detailed information about this release and find current content and product update IDs in the most recent Nexpose release announcement in the Rapid7  Community. 

         

These release notes document what's new in this Nexpose release. Your Nexpose installation will automatically download and install content updates. If you have enabled Nexpose to install product updates, it will do so as well. For information about restarting Nexpose after updating, see the third FAQ.

        

Reminder: Update your installation with the version released May 16, 2012

You must apply the May 16, 2012 update: After July 25, your installation will be ineligible to receive any content updates unless you have already updated to Nexpose 5.3. Over time, this will result in decreased accuracy and validity of your results and reporting. If you have automatic updates enabled, you will not be affected.

 

Vulnerability checks for May 2012 Patch Tuesday exposures | content

  New  vulnerability checks provide up-to-date Microsoft Patch Tuesday scan coverage for May 2012. For information about all current security bulletins covered in this release, see the Microsoft Security Bulletin Summary for May 2012. Use the checks in this content update to verify that the latest Microsoft patches have been applied to system assets.

                        

Fingerprinting improvements | product

Fingerprinting improvements help you track assets better, provide a more comprehensive software inventory, and present more accurate information on vulnerabilities.

    

  • Fingerprinting of Adobe software has been improved in situations where Adobe software was installed or removed incorrectly.
  • Fingerprinting of Windows software utilizing the Windows registry service exposed through Common Internet File System (CIFS) will no longer run against non-Windows targets. This improves scan times on UNIX targets that have Samba or similar CIFS services running.

      

Fingerprinting improvement | content

Fingerprinting of various proprietary, embedded HTTP servers has been improved to help you track assets better, provide a more comprehensive software inventory, and present more accurate information on vulnerabilities.

      

Bi-monthly vulnerability check update | content          

New vulnerability and patch checks bring coverage up to date for the following operating systems and applications:

      

  • Adobe
    • AIR
    • Flash
    • Reader
    • Shockwave
  • Apache
  • Apple
    • iTunes
    • Java
    • OS X
    • QuickTime
    • Safari
  • BIND
  • CentOS
  • Cisco devices
  • IBM AIX
  • Java Runtime Environment
  • Mozilla
    • Firefox
    • SeaMonkey
    • Thunderbird
  • OpenSSL
  • Oracle Linux
  • PHP
  • Red Hat Enterprise Linux
  • Solaris
  • VMware

 

 

These checks help prevent security breaches that could allow hostile parties to take control of affected systems, gain access to confidential data, disrupt business operations, or cause other problems.

    

Product Update IDs

 

  •   Linux 32 | Update ID: 1230186919
  •   Linux 64 | Update ID: 2513419216
  •   Windows 32|Update ID: 2343837536
  •   Windows 64| Update ID: 2706153692


Content update ID

  • Update ID: 203303119


Installers
          

Released on March 21, 2012 (see the sixth FAQ).

         

md5sum files
        

Download the appropriate md5sum file to ensure that the installer was not corrupted during download:     

 

<go to top>


This Rapid7® Nexpose® 5.2.3 release contains the following updates:    

            

These release notes document what's new in this Nexpose release. Your Nexpose installation will automatically download and install content updates. If you have enabled Nexpose to install product updates, it will do so as well. For information about restarting Nexpose after updating, see the third FAQ.

                          

Fingerprinting improvement | product
          

Fingerprinting of Printer Job Language (PJL)-compatible printers has been improved to more closely adhere to the PJL specifications, resulting in more accurate fingerprinting and eliminating printing issues caused by scans.

    

Coverage improvement | product
        

A false positive encountered with CVE-2006-2369 on newer versions of RealVNC has been resolved for better security coverage.

    

Bi-monthly vulnerability check update | content  

  

New vulnerability and patch checks bring coverage up to date for the following operating systems and applications:

    

  • Adobe
    • AIR
    • Flash
    • Reader
    • Shockwave
  • Apache
  • Apple
    • iTunes
    • Java
    • OS X
    • QuickTime
    • Safari
  • BIND
  • CentOS
  • Cisco devices
  • IBM AIX
  • Java Runtime Environment
  • Mozilla
    • Firefox
    • SeaMonkey
    • Thunderbird
  • OpenSSL
  • Oracle Linux
  • PHP
  • Red Hat Enterprise Linux
  • Solaris
  • VMware

  

These checks help prevent security breaches that could allow hostile parties to take control of affected systems, gain access to confidential data, disrupt business operations, or cause other problems.

                

Product Update IDs

 

  • Linux 32 | Update ID: 3066550626
  • Linux 64 | Update ID: 3344837185
  • Windows 32| Update ID: 2987864156
  • Windows 64| Update ID: 1255727647

    

Content update ID

                        

  • Update ID: 3170566651

      

Installers
      

  Released on March 21, 2012 (see the sixth FAQ).        

    

md5sum files
    

Download the appropriate md5sum file to ensure that the installer was not corrupted during download:      

 

<go to top>


This Rapid7® Nexpose® 5.2.2 release contains the following updates:    

These release notes document what's new in this Nexpose release. Your Nexpose installation will automatically download and install content updates. If you have enabled Nexpose to install product updates, it will do so as well. See the third FAQ.


Accuracy improvements | product

  

The vulnerability checks for default credentials on Dell DRAC4, DRAC5, and iDRAC6 are more accurate to help you prioritize remediation efforts more effectively.

                

Fingerprinting improvements | product

  

Fingerprinting improvements help you track assets better, provide a more comprehensive software inventory, and present more accurate information on vulnerabilities.

  • Microsoft SQL services are now fingerprinted remotely.
  • Symantec pcAnywhere services are now fingerprinted remotely.
  • Fingerprinting for the Microsoft remote display protocol (RDP) has been enhanced to more accurately detect RDP services on Microsoft Windows.

                

Vulnerability checks for April 2012 Patch Tuesday exposures | content                 

  New  vulnerability checks provide up-to-date Microsoft Patch Tuesday scan coverage for April 2012. For information about all current security bulletins covered in this release, see the Microsoft Security Bulletin Summary for April 2012. Use the checks in this content update to verify that the latest Microsoft patches have been applied to system assets.

  

Bi-monthly vulnerability check update | content               

    

New vulnerability and patch checks bring coverage up to date for the following operating systems and applications:

  

  • Adobe
    • AIR
    • Flash
    • Reader
    • Shockwave
  • Apache
  • Apple
    • iTunes
    • Java
    • OS X
    • QuickTime
    • Safari
  • BIND
  • CentOS
  • Cisco devices
  • IBM AIX
  • Java Runtime Environment
  • Mozilla
    • Firefox
    • SeaMonkey
    • Thunderbird
  • OpenSSL
  • Oracle Linux
  • PHP
  • Red Hat Enterprise Linux
  • Solaris
  • VMware

  

These checks help prevent security breaches that could allow hostile parties to take control of affected systems, gain access to confidential data, disrupt business operations, or cause other problems.

            

Product Update IDs

 

  • Linux 32 | Update ID: 3383994518
  • Linux 64 | Update ID: 638476969
  • Windows 32 |Update ID: 274129303
  • Windows 64 | Update ID: 3553603864

                     

Content update IDs

  • Update ID: 3647793307

        

Installers
                 

  Released on March 21, 2012 (see the fourth FAQ).      

      

md5sum files
                 

Download the appropriate md5sum file to ensure that the installer was not corrupted during download:      

 

<go to top>


Attachments

    Outcomes