Nexpose Release Announcements - February 2014

Document created by rebecca carter Employee on Mar 12, 2014Last modified by rebecca carter Employee on Apr 8, 2014
Version 3Show Document
  • View in full screen mode

To help you protect your environment against ever-evolving security threats Rapid7 releases coverage updates for Nexpose on a weekly basis. This page contains releases for February, 2014:

 

For current coverage releases go to Nexpose Weekly Release Notes.

 

For details about restarting Nexpose after updating and other update information, see Nexpose release FAQ.


 

This Rapid7® Nexpose® 5.8.11 release contains the following updates:                     

  • application improvements
  • coverage improvements
  • scanning improvements

 

Application improvements | product       

New coverage expands your visibility into assets and threats in your environment:

  • When you run a Vulnerability Trends report based on asset group scope, the report now retains information related to assets that were previously in the group and later removed. This ensures that the report accurately reflects the asset group's history.
  • The Site Listing table on the Home page now displays the Scan Engine currently assigned to the site. This allows you to track Scan Engine deployment at a glance for better management of resources.

 

Coverage improvements | product & content

New coverage expands your visibility into assets and threats in your environment:

  • You can now scan for vulnerabilities in Joomla!, the open-source framework for publishing Web content.


Scanning improvements | product         

New coverage expands your visibility into assets and threats in your environment:

  • Fingerprinting now properly identifies specific TCP services open on some printers and similar devices.

 

Weekly vulnerability check update | content

New vulnerability and patch checks bring coverage up to date for the following operating systems and applications:

  • Adobe
    • AIR
    • ColdFusion
    • Flash
    • Reader
    • Shockwave
  • Apache
    • HTTP
    • Tomcat
  • Apple
    • iTunes
    • Java
    • OS X
    • QuickTime
    • Safari
  • Atlassian JIRA
  • BIND
  • CentOS
  • Cisco devices
  • Debian GNU/Linux
  • Google Chrome
  • IBM AIX
  • Mozilla
    • Firefox
    • SeaMonkey
    • Thunderbird
  • OpenSSH
  • OpenSSL
  • Oracle
    • Database
    • Java Runtime Environment
    • Linux
    • MySQL
    • Solaris
  • PHP
  • Red Hat Enterprise Linux
  • Ubuntu/Linux
  • VideoLAN VLC
  • VMware
    • ESX
    • ESXi

End-of-life for 32-bit installations


Rapid7 will end support for 32-bit versions of Nexpose on May 7, 2014, for both Windows and Linux operating systems. After that date, Rapid7 will not test Nexpose or provide bug fixes or technical support for Nexpose on 32-bit installations. For more information, see the end-of-life policy at http://www.rapid7.com/docs/end-of-life-policy.pdf.


Product Update IDs

  • Linux 32 | Update ID: 2627473457
  • Linux 64 | Update ID: 2121491426
  • Windows 32 | Update ID: 59567001
  • Windows 64 | Update ID: 1654845757

Content update ID

  • Update ID: 1151910963

 

Installer links, md5sum links, and virtual appliance links

Click here for the latest installer links, md5sum links, and virtual appliance links.

 

 


This Rapid7® Nexpose® 5.8.10 release contains the following updates:

  • reporting on policy scan results
  • coverage improvements

Reporting on policy scan results | product

 

You can now report on policy scan results to give your organization visibility into overall compliance with configuration security standards. Version 1.2 of the Reporting Data Model, released with this product update, includes policy compliance results, allowing you to run SQL queries on whether specific assets passed or failed against tested policies. You can also query for the number of rules for which the result was Pass, Fail or Not Applicable. Using the SQL Query Export feature, you can then run CSV-formatted reports. You can also have custom reports created.

 

Coverage improvements | content

New coverage expands your visibility into assets and threats in your environment:

  • Improved fingerprinting of Novell Groupwise services now more efficiently handles cases where the scanned service is not Groupwise.
  • You can now scan for vulnerabilities in VMware Fusion.
  • You can now scan for vulnerabilities in VMware Workstation.

 

Weekly vulnerability check update | content

New vulnerability and patch checks bring coverage up to date for the following operating systems and applications:

  • Adobe
    • AIR
    • ColdFusion
    • Flash
    • Reader
    • Shockwave
  • Apache
    • HTTP
    • Tomcat
  • Apple
    • iTunes
    • Java
    • OS X
    • QuickTime
    • Safari
  • Atlassian JIRA
  • BIND
  • CentOS
  • Cisco devices
  • Debian GNU/Linux
  • Google Chrome
  • IBM AIX
  • Mozilla
    • Firefox
    • SeaMonkey
    • Thunderbird
  • OpenSSH
  • OpenSSL
  • Oracle
    • Database
    • Java Runtime Environment
    • Linux
    • MySQL
    • Solaris
  • PHP
  • Red Hat Enterprise Linux
  • Ubuntu/Linux
  • VideoLAN VLC
  • VMware
    • ESX
    • ESXi

End-of-life for 32-bit installations

Rapid7 will end support for 32-bit versions of Nexpose on May 7, 2014, for both Windows and Linux operating systems. After that date, Rapid7 will not test Nexpose or provide bug fixes or technical support for Nexpose on 32-bit installations. For more information, see the end-of-life policy at http://www.rapid7.com/docs/end-of-life-policy.pdf.

 

Product Update IDs

 

  • Linux 32 | Update ID: 942578538
  • Linux 64 | Update ID: 1050201250
  • Windows 32 | Update ID:  1811599189
  • Windows 64 | Update ID: 1792134540

 

Content update ID

 

  • Update ID: 2567574405

 

Installer links, md5sum links, and virtual appliance links

 

Click here for the latest installer links, md5sum links, and virtual appliance links.

 


 

This Rapid7® Nexpose® 5.8.9 release contains the following updates:

  • February 2014 Patch Tuesday checks
  • accuracy improvement
  • application improvement


For details about restarting Nexpose after updating and other update information, see Nexpose release FAQ.

 

February 2014 Patch Tuesday checks | content

 

New vulnerability checks provide up-to-date Microsoft Patch Tuesday scan coverage for February 2014. For information about all current security bulletins covered in this release, see the Microsoft Security Bulletin Summary for February 2014. Use the checks in this update to verify that the latest Microsoft patches have been applied to system assets.

 

These checks help you determine where new risks are located in your environment, allowing you to prioritize what needs to be remediated and help minimize risk.

 

Accuracy improvement |  product

Better accuracy of scan results helps you to assess your security posture and prioritize remediation more effectively:

  • When multiple versions of Microsoft's MSXML service pack are installed, each version is fingerprinted, resulting in more accurate discovery data and vulnerability checks.

 

Application improvement |  product

 

Improvements to how the application integrates and presents scan data, and how it performs overall, help you to manage security issues more effectively in your environment:

  • Windows Java vulnerabilities now display the path to the Java executable file within the vulnerability proof, making it easier to quickly find and resolve issues.

 

Weekly vulnerability check update | content

New vulnerability and patch checks bring coverage up to date for the following operating systems and applications:

  • Adobe
    • AIR
    • ColdFusion
    • Flash
    • Reader
    • Shockwave
  • Apache
    • HTTP
    • Tomcat
  • Apple
    • iTunes
    • Java
    • OS X
    • QuickTime
    • Safari
  • Atlassian JIRA
  • BIND
  • CentOS
  • Cisco devices
  • Debian GNU/Linux
  • Google Chrome
  • IBM AIX
  • Mozilla
    • Firefox
    • SeaMonkey
    • Thunderbird
  • OpenSSH
  • OpenSSL
  • Oracle
    • Database
    • Java Runtime Environment
    • Linux
    • MySQL
    • Solaris
  • PHP
  • Red Hat Enterprise Linux
  • Ubuntu/Linux
  • VideoLAN VLC
  • VMware
    • ESX
    • ESXi


End-of-life for 32-bit installations

Rapid7 will end support for 32-bit versions of Nexpose on May 7, 2014, for both Windows and Linux operating systems. After that date, Rapid7 will not test Nexpose or provide bug fixes or technical support for Nexpose on 32-bit installations. For more information, see the end-of-life policy at http://www.rapid7.com/docs/end-of-life-policy.pdf.

 

Product Update IDs

  • Linux 32 | Update ID: 3020573018
  • Linux 64 | Update ID: 1895484780
  • Windows 32 | Update ID:  1887963082
  • Windows 64 | Update ID: 1756894920

 

Content update ID

  • Update ID: 1572889389

 

Installer links, md5sum links, and virtual appliance links

Click here for the latest installer links, md5sum links, and virtual appliance links.




 

This Rapid7® Nexpose® 5.8.8 release contains the following updates:

  • coverage improvement
  • application improvements

 

Coverage improvement | content & product

New coverage expands your visibility into assets and threats in your network.

  • The built-in CIS scan template now includes security configuration benchmarks for IBM AIX 7.1. To use these benchmarks, you must apply the product update released on February 5, 2014, or a later update.

 

Weekly vulnerability check update | content

New vulnerability and patch checks bring coverage up to date for the following operating systems and applications:

  • Adobe
    • AIR
    • ColdFusion
    • Flash
    • Reader
    • Shockwave
  • Apache
    • HTTP
    • Tomcat
  • Apple
    • iTunes
    • Java
    • OS X
    • QuickTime
    • Safari
  • Atlassian JIRA
  • BIND
  • CentOS
  • Cisco devices
  • Debian GNU/Linux
  • Google Chrome
  • IBM AIX
  • Mozilla
    • Firefox
    • SeaMonkey
    • Thunderbird
  • OpenSSH
  • OpenSSL
  • Oracle
    • Database
    • Java Runtime Environment
    • Linux
    • MySQL
    • Solaris
  • PHP
  • Red Hat Enterprise Linux
  • Ubuntu/Linux
  • VideoLAN VLC
  • VMware
    • ESX
    • ESXi

Application improvement | product

Improvements to how the application integrates and presents scan data, and how it performs overall, help you to manage security issues more effectively in your environment:

  • A corrected issue allows you to send log files for distributed Scan Engines to Technical Support.
  • On the Scan Engines page, you can now sort Scan Engines by their last updates, so that you can quickly find Scan Engines that have not been updated recently.
  • If you have the Assign Scan Engine permission, you can now edit and save site configurations.

 

End-of-life for 32-bit installations

Rapid7 will end support for 32-bit versions of Nexpose on May 7, 2014, for both Windows and Linux operating systems. After that date, Rapid7 will not test Nexpose or provide bug fixes or technical support for Nexpose on 32-bit installations. For more information, see the end-of-life policy at http://www.rapid7.com/docs/end-of-life-policy.pdf.


Installer links, md5sum links, and virtual appliance links

Click here for the latest installer links, md5sum links, and virtual appliance links. 


Product Update IDs

 

  • Linux 32 | Update ID: 3388514475
  • Linux 64 | Update ID: 1106263075
  • Windows 32 | Update ID:  501246769
  • Windows 64 | Update ID: 2186599111

 

Content update ID

 

  • Update ID: 736679942

Attachments

    Outcomes