Nexpose Release Announcements - March 2014

Document created by rebecca carter on Apr 8, 2014. Last modified by mglinski on May 30, 2014.

To help you protect your environment against ever-evolving security threats, Rapid7 releases coverage updates for Nexpose on a weekly basis. This page contains releases for March 2014:

 

For current coverage releases go to Nexpose Weekly Release Notes.

 

For details about restarting Nexpose after updating and other update information, see Nexpose release FAQ.


 

This Rapid7® Nexpose® 5.9 release contains the following updates:

  • application improvements
  • accuracy improvements

Application improvements | product

 

New coverage expands your visibility into assets and threats in your environment:

  • With RealContext, you can now align the knowledge and needs of your business with your vulnerability management program, with the understanding that your organization is unique. Apply context to your assets based on asset ownership, asset location, asset criticality, and other unique attributes that directly reflect your business. RealContext enables you to view, filter, process, and prioritize information for your security program. Use your knowledge of your business as a pivot point for creating targeted reports and remediation plans for stakeholders and teams in a language that they can fully understand.

    Another way you can now leverage the power of RealContext is to affect the level of risk for specific assets. You can now use the criticality level to multiply RealRisk scores, so that you can focus your remediation efforts on assets that are of the most critical importance to the success of your business.

    Click here for a video.

  • A potential "scan hang" issue related to the packet capture framework has been corrected.
  • When using the asset group listing response in the API version 1.1 to manage asset groups, you can now distinguish between static and dynamic groups with a new dynamic attribute.
  • You can now generate reports in Japanese and Simplified Chinese for use by your remediation teams and executives. You also can view Microsoft vulnerability and solution information in those languages.
  • You can now purge old scan and report information from the database and file system to maximize performance and scalability.
  • Remediation steps are now more accurate for vulnerabilities reported in Microsoft Security Bulletin MS13-085.
  • Scans now properly fingerprint the Wireshark packet analyzer.

 

Accuracy improvements | product

Better accuracy of scan results helps you to assess your security posture and prioritize remediation more effectively:

  • Coverage has been improved for vulnerabilities reported in Microsoft Security Bulletin MS13-081.
  • Solutions for Microsoft vulnerabilities are now easier to use so that you can remediate security flaws more quickly. The number of overlapping remediation steps has been significantly reduced, and they now guide you to applicable Microsoft Knowledge Base articles, where you can download patches.

 

Weekly vulnerability check update | content

New vulnerability and patch checks bring coverage up to date for the following operating systems and applications:

  • Adobe
    • AIR
    • ColdFusion
    • Flash
    • Reader
    • Shockwave
  • Apache
    • HTTP
    • Tomcat
  • Apple
    • iTunes
    • Java
    • OS X
    • QuickTime
    • Safari
  • Atlassian JIRA
  • BIND
  • CentOS
  • Cisco
    • ASA
    • IOS
    • PIX
  • Debian GNU/Linux
  • Google Chrome
  • IBM AIX
  • Joomla!
  • jQuery
  • Mozilla
    • Firefox
    • SeaMonkey
    • Thunderbird
  • OpenSSH
  • OpenSSL
  • Oracle
    • Database
    • Java Runtime Environment
    • Linux
    • MySQL
    • Solaris
  • PHP
  • PostgreSQL
  • Samba
  • SUSE
  • Red Hat Enterprise Linux
  • Ubuntu/Linux
  • VideoLAN VLC
  • VMware
    • ESX
    • ESXi
    • Fusion
    • Player
    • Workstation

End-of-life

32-bit installations

  • Rapid7 will end support for 32-bit versions of Nexpose on May 7, 2014, for both Windows and Linux operating systems. After that date, Rapid7 will not test Nexpose or provide bug fixes or technical support for Nexpose on 32-bit installations. For more information, see the end-of-life policy at http://www.rapid7.com/docs/end-of-life-policy.pdf.

For browser support:

  • Rapid7 has ended support for Firefox Extended Support Release (ESR) 17.x in alignment with Mozilla's Extended support policy.
  • Rapid7 will end support for Internet Explorer 8 on April 8, 2014, in alignment with Windows XP end of support.


Product Update IDs

  • Linux 32 | Update ID: 4150547370
  • Linux 64 | Update ID: 1044288662
  • Windows 32 | Update ID: 4197994969
  • Windows 64 | Update ID: 2884372512

Content update ID

  • Update ID: 2635687700

Installer links, md5sum links, and virtual appliance links

Click here for the latest installer links, md5sum links, and virtual appliance links.


 

This Rapid7® Nexpose® 5.8.14 release contains the following updates:

  • application improvements

Application improvements | product

 

New coverage expands your visibility into assets and threats in your environment:

  • When you copy certain FDCC and CIS policies for editing purposes, the policies display correctly in the Policy Configuration Panel.
  • Risk trend charts now display correctly on the Asset Groups page after the nightly recalculation of trend data. This corrects a display issue related to Dynamic asset groups based on the Last Scan Date filter.
  • An issue that occasionally caused the Top Remediations report to be calculated incorrectly was fixed.
  • An issue that caused Apple Safari solutions to be duplicated in the Top Remediations report was fixed.
  • You can now sort the report owner list alphabetically by user name for easier searching.
  • Certain Common Platform Enumeration (CPE) names for operating systems and software now display properly during discovery scans.
  • The process for identifying unique assets during scans has been improved with new heuristics. For example, you can now scan an asset with multiple network interface cards (NICs) and have it be recognized as one asset. See the topic Viewing Asset Details in Help for more information.
  • You can now view the scan history for an asset with the new Scan History table, displayed on the Asset Summary Page.

 

Weekly vulnerability check update | content

New vulnerability and patch checks bring coverage up to date for the following operating systems and applications:

  • Adobe
    • AIR
    • ColdFusion
    • Flash
    • Reader
    • Shockwave
  • Apache
    • HTTP
    • Tomcat
  • Apple
    • iTunes
    • Java
    • OS X
    • QuickTime
    • Safari
  • Atlassian JIRA
  • BIND
  • CentOS
  • Cisco
    • ASA
    • IOS
    • PIX
  • Debian GNU/Linux
  • Google Chrome
  • IBM AIX
  • Joomla!
  • jQuery
  • Mozilla
    • Firefox
    • SeaMonkey
    • Thunderbird
  • OpenSSH
  • OpenSSL
  • Oracle
    • Database
    • Java Runtime Environment
    • Linux
    • MySQL
    • Solaris
  • PHP
  • PostgreSQL
  • Samba
  • SUSE
  • Red Hat Enterprise Linux
  • Ubuntu/Linux
  • VideoLAN VLC
  • VMware
    • ESX
    • ESXi
    • Fusion
    • Player
    • Workstation

End-of-life for 32-bit installations

Rapid7 will end support for 32-bit versions of Nexpose on May 7, 2014, for both Windows and Linux operating systems. After that date, Rapid7 will not test Nexpose or provide bug fixes or technical support for Nexpose on 32-bit installations. For more information, see the end-of-life policy at http://www.rapid7.com/docs/end-of-life-policy.pdf.

 

Product Update IDs

 

  • Linux 32 | Update ID: 2446301938
  • Linux 64 | Update ID: 1192813509
  • Windows 32 | Update ID: 2956331947
  • Windows 64 | Update ID: 2415171807

 

Content update ID

 

  • Update ID: 2111412150

 

Installer links, md5sum links, and virtual appliance links

 

Click here for the latest installer links, md5sum links, and virtual appliance links.

 

 


 

This Rapid7® Nexpose® 5.8.13 release contains the following updates:

  • accuracy improvements
  • March 2014 Patch Tuesday checks

Accuracy improvements | product

Better accuracy of scan results helps you to assess your security posture and prioritize remediation more effectively:

  • Coverage for several Debian security advisories has been improved.
  • Proofs for vulnerability checks that inspect network services have been improved to give more context as to how a vulnerable or invulnerable result was obtained.

March 2014 Patch Tuesday checks | content

New vulnerability checks provide up-to-date Microsoft Patch Tuesday scan coverage for March 2014. For information about all current security bulletins covered in this release, see the Microsoft Security Bulletin Summary for March 2014. Use the checks in this update to verify that the latest Microsoft patches have been applied to system assets.

These checks help you determine where new risks are located in your environment, allowing you to prioritize what needs to be remediated and help minimize risk.

 

Weekly vulnerability check update | content

New vulnerability and patch checks bring coverage up to date for the following operating systems and applications:

  • Adobe
    • AIR
    • ColdFusion
    • Flash
    • Reader
    • Shockwave
  • Apache
    • HTTP
    • Tomcat
  • Apple
    • iTunes
    • Java
    • OS X
    • QuickTime
    • Safari
  • Atlassian JIRA
  • BIND
  • CentOS
  • Cisco
    • ASA
    • IOS
    • PIX
  • Debian GNU/Linux
  • Google Chrome
  • IBM AIX
  • Joomla!
  • jQuery
  • Mozilla
    • Firefox
    • SeaMonkey
    • Thunderbird
  • OpenSSH
  • OpenSSL
  • Oracle
    • Database
    • Java Runtime Environment
    • Linux
    • MySQL
    • Solaris
  • PHP
  • PostgreSQL
  • Samba
  • SUSE
  • Red Hat Enterprise Linux
  • Ubuntu/Linux
  • VideoLAN VLC
  • VMware
    • ESX
    • ESXi
    • Fusion
    • Player
    • Workstation

End-of-life for 32-bit installations

Rapid7 will end support for 32-bit versions of Nexpose on May 7, 2014, for both Windows and Linux operating systems. After that date, Rapid7 will not test Nexpose or provide bug fixes or technical support for Nexpose on 32-bit installations. For more information, see the end-of-life policy at http://www.rapid7.com/docs/end-of-life-policy.pdf.

Product Update IDs

  • Linux 32 | Update ID: 1278356403
  • Linux 64 | Update ID: 3126928040
  • Windows 32 | Update ID: 1363140127
  • Windows 64 | Update ID: 969931703

Content update ID

  • Update ID: 4228083241

Installer links, md5sum links, and virtual appliance links

Click here for the latest installer links, md5sum links, and virtual appliance links.


 

This Rapid7® Nexpose® 5.8.12 release contains the following updates:

  • accuracy improvements
  • coverage improvements
  • scanning improvement

 

Coverage improvements | product & content

New coverage expands your visibility into assets and threats in your environment:

  • You can now scan for vulnerabilities in the Amazon AMI Linux platform.
  • You can now assess your asset configuration for compliance with Defense Information Systems Agency (DISA) standards. A new built-in scan template allows you to scan with policies and tuned settings specifically developed for DISA assessment. New DISA policies provide compliance coverage for Microsoft Windows 8, Windows 7, and Windows 2008 operating systems. All DISA policies are contained within a single category, named DISASTIGS, so that you can easily select this category when configuring a custom scan template.

Scanning improvement | product

New coverage expands your visibility into assets and threats in your environment:

  • Policy scans now manage memory more efficiently.

 

Accuracy improvements | product

Better accuracy of scan results helps you to assess your security posture and prioritize remediation more effectively:

  • Coverage of the CVE-2012-0053 vulnerability for Apache HTTPD has been improved.
  • Potential false positives have been corrected in checks for the vulnerability reported in Microsoft Security Bulletin MS13-069 and related Internet Explorer vulnerabilities.

 

Weekly vulnerability check update | content

New vulnerability and patch checks bring coverage up to date for the following operating systems and applications:

  • Adobe
    • AIR
    • ColdFusion
    • Flash
    • Reader
    • Shockwave
  • Apache
    • HTTP
    • Tomcat
  • Apple
    • iTunes
    • Java
    • OS X
    • QuickTime
    • Safari
  • Atlassian JIRA
  • BIND
  • CentOS
  • Cisco
    • ASA
    • IOS
    • PIX
  • Debian GNU/Linux
  • Google Chrome
  • IBM AIX
  • Joomla!
  • jQuery
  • Mozilla
    • Firefox
    • SeaMonkey
    • Thunderbird
  • OpenSSH
  • OpenSSL
  • Oracle
    • Database
    • Java Runtime Environment
    • Linux
    • MySQL
    • Solaris
  • PHP
  • PostgreSQL
  • Samba
  • SUSE
  • Red Hat Enterprise Linux
  • Ubuntu/Linux
  • VideoLAN VLC
  • VMware
    • ESX
    • ESXi
    • Fusion
    • Player
    • Workstation

 

End-of-life for 32-bit installations

Rapid7 will end support for 32-bit versions of Nexpose on May 7, 2014, for both Windows and Linux operating systems. After that date, Rapid7 will not test Nexpose or provide bug fixes or technical support for Nexpose on 32-bit installations. For more information, see the end-of-life policy at http://www.rapid7.com/docs/end-of-life-policy.pdf.


Product Update IDs

  • Linux 32 | Update ID: 576989715
  • Linux 64 | Update ID: 2765656317
  • Windows 32 | Update ID: 2076255849
  • Windows 64 | Update ID: 2496679448

Content update ID

  • Update ID: 3513932914

Installer links, md5sum links, and virtual appliance links

Click here for the latest installer links, md5sum links, and virtual appliance links.

