December 2014 Release Notes

Document created by rebecca carter (Employee) on Jan 7, 2015. Last modified by rebecca carter (Employee) on Jan 8, 2015.

To help you protect your environment against ever-evolving security threats, Rapid7 releases coverage updates for Nexpose on a weekly basis. Product IDs and installer links are added the day of the release. This page contains detailed announcements for the most recent Nexpose coverage releases:


   

 

This Rapid7® Nexpose® 5.11.12 release contains recurring coverage.
                                                                                                                                         

Recurring coverage | content

                                                

New and updated vulnerability checks help you protect your environment against the latest threats. See all the operating systems and applications covered by these updates.

                                            

Coming soon!


An improved, comprehensive scanning approach is coming soon for Nexpose users. The enhancement will enable you to do targeted scanning by applying different templates to the same site. This will streamline your workflow and cover use cases such as scanning the same assets for different types of vulnerabilities and accumulating the data from those different checks accordingly.

To learn more about this change, open the Welcome to Help page of the Nexpose Help, and open the link from the Coming soon! item in the What's new in Help? box.

 

Installer links, md5sum links, and virtual appliance links


Click here for the latest installer links, md5sum links, and virtual appliance links.


FAQ


For details about restarting Nexpose after updating and other update information, see Nexpose release FAQ.

 

Product Update IDs

 

  • Linux 64 | Update ID: 292472011
  • Windows 64 | Update ID: 3615682297

      

Content update

 

  • Update ID: 1431753136

                


   

 

This Rapid7® Nexpose® 5.11.11 release contains the following improvements:

  • accuracy improvement
  • application improvements
  • recurring coverage

    

Accuracy improvement | content & product


Better accuracy of scan results helps you to assess your security posture and prioritize remediation more effectively:

                                    

  • Microsoft Office vulnerability checks now target the specific vulnerable component(s), such as Word or Excel, when applicable. This change requires the December 17 product update.

                                      

Application improvements | product

                                    

Improvements to how the application integrates and presents scan data, and how it performs overall, help you to manage security issues more effectively in your environment:

  • Deleted assets no longer appear in non-trend reports when you don't enable the Use the last scan data only option in the report configuration. Deleted assets should only appear in reports that are configured to include them or reports related to specific scans that included those assets.
  • A corrected configuration issue allows you to edit a Database Export report without having to re-enter your database credentials.
  • The fingerprinter now identifies individual Microsoft Office 2013 components, such as Word and Excel.

                                                                                                 

Recurring coverage | content

                                      

New and updated vulnerability checks help you protect your environment against the latest threats. See all the operating systems and applications covered by these updates.

                                  

Coming soon!


An improved, comprehensive scanning approach is coming soon for Nexpose users. This enhancement will enable you to do targeted scanning by applying different templates to the same site to streamline your workflow. Nexpose will be able to scan the same assets with a combination of schedules and templates. For example, you can scan for CIS compliance once a month, scan for all vulnerabilities every week, and scan for selected vulnerabilities once a day from the same site. Nexpose will merge the results appropriately to give you a comprehensive view of risk to your sensitive assets with less effort.


To learn more about this change, open the Welcome to Help page of the Nexpose Help, and open the link from the Coming soon! item in the What's new in Help? box.

 


 

Product Update IDs

 

  • Linux 64 | Update ID: 3305927597
  • Windows 64 | Update ID: 2349064451

 

Content update

 

  • Update ID: 4157674777

    


   

 

This Rapid7® Nexpose® 5.11.10 release contains Patch Tuesday coverage as well as the following improvements:

  • accuracy improvements
  • coverage improvements
  • application improvement
  • recurring coverage

 

December Patch Tuesday checks | content

            

New vulnerability checks provide up-to-date Microsoft Patch Tuesday scan coverage for December 2014. For information about all current security bulletins covered in this release, see the Microsoft Security Bulletin Summary for December 2014. Use the checks in this update to verify that the latest Microsoft patches have been applied to system assets.

These checks help you determine where new risks are located in your environment, allowing you to prioritize what needs to be remediated and help minimize risk.


Accuracy improvements | content & product


Better accuracy of scan results helps you to assess your security posture and prioritize remediation more effectively:                                         

  • Coverage has been updated and improved for the following Cisco vulnerabilities:
    • SAN and NX-OS
    • NX-OS Shellshock
  • The "CIFS account password never expires" vulnerability check now tests only user accounts for expiration. It no longer flags workstation, server, or domain trust accounts.

                              

Application improvement | product

                              

Improvements to how the application integrates and presents scan data, and how it performs overall, help you to manage security issues more effectively in your environment:

  • An issue that prevented some scan schedules from being edited successfully has been fixed.

                              

Coverage improvements | product

                              

Improvements to how the application integrates and presents scan data, and how it performs overall, help you to manage security issues more effectively in your environment:

  • You can now run unauthenticated PCI checks on Symantec pcAnywhere for obsolete and unsupported versions, as well as lack of encryption in client/host transmissions.
  • Coverage is now available for all product advisories for the lighttpd Web server.
  • New coverage is available for CVE-2014-8730, a vulnerability in TLS 1.x implementations that allows incorrect padding to be accepted. Detection of this vulnerability requires unsafe checks to be enabled.

                              

Recurring coverage | content

                              

New and updated vulnerability checks help you protect your environment against the latest threats. See all the operating systems and applications covered by these updates.

                          

Coming soon!


An improved, comprehensive view of your vulnerabilities is coming soon. Nexpose will start to merge the latest vulnerability results over multiple scans in the Web interface and in reports. For example, if you modify your site's scan template to check for a zero-day vulnerability and run a scan, the zero-day vulnerability results will be merged into a consolidated view. You will continue to be able to view the results from a specific scan, such as the most recent one. This improvement may impact your risk scores and the number of vulnerabilities displayed in the Web interface and in reports. We will keep you posted on the ship date and additional details as we get closer to launch!

To learn more about this change, open the Welcome to Help page of the Nexpose Help, and open the link from the Coming soon! item in the What's new in Help? box.

 


 

Product Update IDs

 

  • Linux 64 | Update ID: 3716317734
  • Windows 64 | Update ID: 1697575701

 

Content update

 

  • Update ID: 1273926218

 


   

 

This Rapid7® Nexpose® 5.11.9 release contains the following improvements:              

  • accuracy improvements
  • application improvement
  • recurring coverage

                                        

Accuracy improvements | content

            

Improvements to how the application integrates and presents scan data, and how it performs overall, help you to manage security issues more effectively in your environment:                                         

  • Oracle Database checks from the October 2014 Critical Patch Update have been updated to reflect the changes Oracle made to the advisory.
  • Oracle Solaris checks were updated to address false positives and to provide cleaner descriptors and better CVE mapping.

                                                                        

Application improvements | product

 

Improvements to how the application integrates and presents scan data, and how it performs overall, help you to manage security issues more effectively in your environment:

  • An issue that prevented scan schedules from appearing in the Security Console on multi-tenant installations has been corrected.
  • An issue that prevented scan schedules from being edited has been corrected.

              

Recurring coverage | content

              

New and updated vulnerability checks help you protect your environment against the latest threats. See all the operating systems and applications covered by these updates.

          

Coming soon!


An improved, comprehensive view of your vulnerabilities is coming soon. Nexpose will start to merge the latest vulnerability results over multiple scans in the Web interface and in reports. For example, if you modify your site's scan template to check for a zero-day vulnerability and run a scan, the zero-day vulnerability results will be merged into a consolidated view. You will continue to be able to view the results from a specific scan, such as the most recent one. This improvement may impact your risk scores and the number of vulnerabilities displayed in the Web interface and in reports. We will keep you posted on the ship date and additional details as we get closer to launch!

To learn more about this change, open the Welcome to Help page of the Nexpose Help, and open the link from the Coming soon! item in the What's new in Help? box.

 


 

Product Update IDs

 

  • Linux 64 | Update ID: 4109002443
  • Windows 64 | Update ID: 657531292

 

Content update

 

  • Update ID: 566156957

 

