Nexpose release announcements - March 2013

Document created by ryukhin on Apr 11, 2013. Last modified by ryukhin on Apr 29, 2013. Version 2.

To help you protect your environment against ever-evolving security threats, Rapid7 releases coverage updates on a weekly basis. This page contains detailed announcements for the March 2013 Nexpose coverage releases:

 

For information on previous coverage releases go to Nexpose Release Notes (archive).

 

For information on the most recent full-feature release go to that Nexpose release announcement.

 

For details about restarting Nexpose after updating and other update information, see Nexpose release FAQ.


This Rapid7® Nexpose® 5.5.16 release contains the following updates:

  • accuracy improvements
  • application improvements
  • scanning improvement
  • new and updated checks

 

These release notes document what's new in this Nexpose release. Your Nexpose installation will automatically download and install content updates. If you have enabled Nexpose to install product updates, it will do so as well. For information about restarting Nexpose after updating, see the Nexpose release announcement FAQ.

Accuracy improvement | product

Better accuracy of scan results helps you to assess your security posture and prioritize remediation more effectively:

  • Fingerprinting of Adobe Acrobat and Reader on Windows has been improved.
  • Fingerprinting of Mozilla Firefox and Thunderbird has been enhanced to differentiate installations on the Extended Support Release (ESR) update channel from regular installations.

Application improvement | product

Application improvements have been made to help you identify the top assets for remediation, and API enhancements have been made for improved integration:

  • The Top 10 Assets by Vulnerability Risk and Top 10 Assets by Vulnerabilities reports now display IP addresses when host names were not detected during the scan.
  • The AssetGroupSaveRequest API call now returns the risk score for each asset in the group.

Accuracy improvement | content

Fingerprinting of NetApp appliances has been improved to help you to assess your security posture and prioritize remediation more effectively.

Scanning improvement | content

The PCI Audit Scan template default setting has been improved to provide enhanced vulnerability scanning and accuracy during the discovery phase.

Weekly vulnerability check update | content

New vulnerability and patch checks bring coverage up to date for the following operating systems and applications:

  • Adobe
    • AIR
    • Flash
    • Reader
    • Shockwave
  • Apache
    • HTTP
    • Tomcat
  • Apple
    • iTunes
    • Java
    • OS X
    • QuickTime
    • Safari
  • Atlassian JIRA
  • BIND
  • CentOS
  • Cisco devices
  • Debian GNU/Linux
  • Google Chrome
  • IBM AIX
  • Mozilla
    • Firefox
    • SeaMonkey
    • Thunderbird
  • OpenSSH
  • OpenSSL
  • Oracle
    • Database
    • Java Runtime Environment
    • Linux
    • MySQL
    • Solaris
  • PHP
  • Red Hat Enterprise Linux
  • VideoLAN VLC
  • VMware
    • ESX
    • ESXi

Product Update IDs

 

  • Linux 32 | Update ID: 1820888537
  • Linux 64 | Update ID: 2442049747
  • Windows 32 | Update ID: 3683725877
  • Windows 64 | Update ID: 1937506652

 

Content update ID

 

  • Update ID: 1785813689

 

Installers

   Released on March 20, 2013 (see the FAQ).

 

md5sum files

 

Download the appropriate md5sum file to ensure that the installer was not corrupted during download:

 

 


This Rapid7® Nexpose® 5.5.15 release contains the following updates:

  • accuracy improvements
  • new and updated checks

 

These release notes document what's new in this Nexpose release. Your Nexpose installation will automatically download and install content updates. If you have enabled Nexpose to install product updates, it will do so as well. For information about restarting Nexpose after updating, see the Nexpose release announcement FAQ.

Accuracy improvement | product

All distributed Scan Engines with credentials that are applied to a common service, host, and port are now authenticated properly.

Accuracy improvement | content

Significant improvements have been made to SNMP fingerprinting. This results in more accurate operating system fingerprinting of assets running SNMP.

Weekly vulnerability check update | content

New vulnerability and patch checks bring coverage up to date for the following operating systems and applications:

  • Adobe
    • AIR
    • Flash
    • Reader
    • Shockwave
  • Apache
    • HTTP
    • Tomcat
  • Apple
    • iTunes
    • Java
    • OS X
    • QuickTime
    • Safari
  • Atlassian JIRA
  • BIND
  • CentOS
  • Cisco devices
  • Debian GNU/Linux
  • Google Chrome
  • IBM AIX
  • Mozilla
    • Firefox
    • SeaMonkey
    • Thunderbird
  • OpenSSH
  • OpenSSL
  • Oracle
    • Database
    • Java Runtime Environment
    • Linux
    • MySQL
    • Solaris
  • PHP
  • Red Hat Enterprise Linux
  • VideoLAN VLC
  • VMware
    • ESX
    • ESXi

Product Update IDs

  • Linux 32 | Update ID: 2017961992
  • Linux 64 | Update ID: 1356559246
  • Windows 32 | Update ID: 2583002149
  • Windows 64 | Update ID: 3475304469

Content update ID

  • Update ID: 1686517173

Installers

   Released on March 20, 2013 (see the FAQ).

md5sum files

Download the appropriate md5sum file to ensure that the installer was not corrupted during download:

 


This Rapid7® Nexpose® 5.5.14 release contains the following updates:

  • March 2013 Patch Tuesday checks
  • fingerprinting improvement
  • new and updated checks

 

These release notes document what's new in this Nexpose release. Your Nexpose installation will automatically download and install content updates. If you have enabled Nexpose to install product updates, it will do so as well. For information about restarting Nexpose after updating, see the Nexpose release announcement FAQ.

 

March 2013 Patch Tuesday checks | content

New vulnerability checks provide up-to-date Microsoft Patch Tuesday scan coverage for March 2013. For information about all current security bulletins covered in this release, see the Microsoft Security Bulletin Summary for March 2013. Use the checks in this update to verify that the latest Microsoft patches have been applied to system assets.

Fingerprinting improvement | content

Microsoft Filter Pack is now fingerprinted during authenticated scans to help you track assets better, provide a more comprehensive software inventory, and present more accurate information on vulnerabilities.

Weekly vulnerability check update | content

New vulnerability and patch checks bring coverage up to date for the following operating systems and applications:

  • Adobe
    • AIR
    • Flash
    • Reader
    • Shockwave
  • Apache
    • HTTP
    • Tomcat
  • Apple
    • iTunes
    • Java
    • OS X
    • QuickTime
    • Safari
  • Atlassian JIRA
  • BIND
  • CentOS
  • Cisco devices
  • Debian GNU/Linux
  • Google Chrome
  • IBM AIX
  • Mozilla
    • Firefox
    • SeaMonkey
    • Thunderbird
  • OpenSSH
  • OpenSSL
  • Oracle
    • Database
    • Java Runtime Environment
    • Linux
    • MySQL
    • Solaris
  • PHP
  • Red Hat Enterprise Linux
  • VideoLAN VLC
  • VMware
    • ESX
    • ESXi

These checks help you determine where new risks are located in your environment, allowing you to prioritize what needs to be remediated and help minimize risk.

Product Update IDs

  • Linux 32 | Update ID: 2416570058
  • Linux 64 | Update ID: 2373428100
  • Windows 32 | Update ID: 3288509519
  • Windows 64 | Update ID: 960031455


Content update ID

  • Update ID: 1323362257


Installers

  Released on February 20, 2013 (see the FAQ).


md5sum files

Download the appropriate md5sum file to ensure that the installer was not corrupted during download:

 


This Rapid7® Nexpose® 5.5.13 release contains the following updates:

  • application improvement
  • accuracy improvements
  • scanning improvement
  • coverage improvement

 

These release notes document what's new in this Nexpose release. Your Nexpose installation will automatically download and install content updates. If you have enabled Nexpose to install product updates, it will do so as well. For information about restarting Nexpose after updating, see the Nexpose release announcement FAQ.

 

Application improvement | product

Improvements to how the application integrates and presents scan data, and how it performs overall, help you to manage security issues more effectively in your environment:

  • XML Export 1.0, XML Export 2.0, and SCAP Export now include only the vulnerability reference sources contained in their respective schemas. XML Export 1.0 no longer includes the dev-id attribute inside the node element. These changes ensure that these XML formats provide expected information in report output.


Accuracy improvements | product

Better accuracy of scan results helps you to assess your security posture and prioritize remediation more effectively:

  • The vulnerability check for weak SSL ciphers now includes more recent weak ciphers for more thorough coverage of this security flaw.
  • A check that verifies proper protection for syslog logs that contain sensitive information now functions correctly when the syslog configuration file has strict permissions.


Scanning improvement | content

Better scan performance helps you to retrieve scan results more quickly with improved accuracy and more efficient use of resources:

  • Enhancements to the PCI audit scan template provide more rigorous vulnerability scanning by default. Also, the default Parallelism setting now prioritizes accuracy over speed throughout the discovery phase of scans.


Coverage improvement | content

New coverage expands your visibility into assets and threats in your environment:

  • You can now scan PostgreSQL databases for vulnerabilities.


Weekly vulnerability check update | content

New vulnerability and patch checks bring coverage up to date for the following operating systems and applications:

  • Adobe
    • AIR
    • Flash
    • Reader
    • Shockwave
  • Apache
    • HTTP
    • Tomcat
  • Apple
    • iTunes
    • Java
    • OS X
    • QuickTime
    • Safari
  • Atlassian JIRA
  • BIND
  • CentOS
  • Cisco devices
  • Debian GNU/Linux
  • Google Chrome
  • IBM AIX
  • Mozilla
    • Firefox
    • SeaMonkey
    • Thunderbird
  • OpenSSH
  • OpenSSL
  • Oracle
    • Database
    • Java Runtime Environment
    • Linux
    • MySQL
    • Solaris
  • PHP
  • Red Hat Enterprise Linux
  • VideoLAN VLC
  • VMware
    • ESX
    • ESXi

These checks help you determine where new risks are located in your environment, allowing you to prioritize what needs to be remediated and help minimize risk.


Product Update IDs

  • Linux 32 | Update ID: 325600181
  • Linux 64 | Update ID: 2002055888
  • Windows 32 | Update ID: 4213274399
  • Windows 64 | Update ID: 2227007723


Content update ID

  • Update ID: 1548422575


Installers

  Released on February 20, 2013 (see the FAQ).


md5sum files

Download the appropriate md5sum file to ensure that the installer was not corrupted during download:

