Nexpose release announcement -  January 2015

Document created by S Tempest Employee on Feb 4, 2015Last modified by mglinski on Mar 10, 2015
Version 2Show Document
  • View in full screen mode

To help you protect your environment against ever-evolving security threats, Rapid7 releases coverage updates for Nexpose on a weekly basis. Product IDs and installer links are added the day of the release. This page contains detailed announcements for the most recent Nexpose coverage releases:


   

This Rapid7® Nexpose® 5.12.1 release contains the following update:

Product update

  • This release resolves an error that could prevent the application from starting properly after the first January 28 product update is applied and the host operating system restarts. This issue only applied to Linux machines.

 

Product Update IDs

    

  • Linux 64 | Update ID: 921460024
  • Windows 64 | Update ID: 4087175072

 

This Rapid7® Nexpose® 5.12.0 release contains these major feature updates:

  • GHOST coverage
  • New site creation interface
  • Targeted scanning
  • Custom certificate store
  • Reporting data model update
                

GHOST coverage

Coverage has been added for CVE-2015-0235.

New site creation interface

The Site Configuration page has been enhanced and reorganized to centralize a number of important site-related operations and deliver a clean, more stream-lined workflow.
multiple schedule.png
Some of the key features included in the new site creation interface are the ability to use multiple templates and assign multiple schedules per site.
For a video on the new interface, check out: Exploring the Nexpose Site Creation Interface

Targeted scanning

Get more comprehensive results with targeted scanning. This new feature allows you to apply different templates and schedules to the same site. The application will merge the results with each scan to give you a more in-depth view of your risk. This enhancement is also ideal for zero-day scenarios because it lets you use an existing site and apply a different template and have your assets retain the previous scan history. 

Custom certificate store

The application now allows you to import Root certificates that were expressly created by trusted Certificate Authorities for targets you want to scan. You can now upload self-signed certificates as trusted certificates. This allows you to avoid false positives when scanning targets with valid certificates that are not on the preset list of commonly used trusted certificates.

  cert store.png

Reporting data model update

The Reporting Data Model has been updated to version 1.4.0. This update is necessary to support targeted scanning specifically for users who have customized reports.

Additional update

Discovery scans will now update the last scan date of an asset, but will not remove any other assessment data.

Installer links, md5sum links, and virtual appliance links

Click here for the latest installer links, md5sum links, and virtual appliance links.

FAQ

For details about restarting Nexpose after updating and other update information, see Nexpose release FAQ.

Product Update IDs

  • Linux 64 | Update ID: 2023638725
  • Windows 64 | Update ID: 741662489
      

Content update

  • Update ID: 3830231526
                

   

 

This Rapid7® Nexpose® 5.11.16 release contains:

Coverage improvements |  content & product

New coverage expands your visibility into assets and threats in your environment:

Installer links, md5sum links, and virtual appliance links

Click here for the latest installer links, md5sum links, and virtual appliance links.

FAQ

For details about restarting Nexpose after updating and other update information, see Nexpose release FAQ.

 

Product Update IDs

 

  • Linux 64 | Update ID: 3650364625
  • Windows 64 | Update ID: 2679714775

 

Content update

 

  • Update ID: 3255353654

          


   

 

This Rapid7® Nexpose® 5.11.15 release contains:

Application improvements | product

 

Improvements to how the application integrates and presents scan data, and how it performs overall, help you to manage security issues more effectively in your environment:

  • An issue that could potentially cause scheduled scans to abort after a console restart has been fixed. This issue only applied to scans with engine pools.

 

Recurring coverage | content

                                  

New and updated vulnerability checks help you protect your environment against the latest threats. See all the operating systems and applications covered by these updates.

                              

Coming soon!

The Site Configuration page will be reorganized to centralize a number of important site-related operations and deliver a clean, more stream-lined workflow. The refresh also includes the ability to assign multiple templates and schedules to a site.

new site config for release notes.jpg

Installer links, md5sum links, and virtual appliance links

Click here for the latest installer links, md5sum links, and virtual appliance links.

FAQ

For details about restarting Nexpose after updating and other update information, see Nexpose release FAQ.

 

Product Update IDs

 

  • Linux 64 | Update ID: 3547413237
  • Windows 64 | Update ID: 1185278452

 

Content update

 

  • Update ID: 1701350437

 


   

 

This Rapid7® Nexpose® 5.11.14 release contains:

January Patch Tuesday checks | content

New vulnerability checks provide up-to-date Microsoft Patch Tuesday scan coverage for January 2015. For information about all current security bulletins covered in this release, see the Microsoft Security Bulletin Summary for January 2015. Use the checks in this update to verify that the latest Microsoft patches have been applied to system assets.

These checks help you determine where new risks are located in your environment, allowing you to prioritize what needs to be remediated and help minimize risk.

Accuracy improvement | content & product

Better accuracy of scan results helps you to assess your security posture and prioritize remediation more effectively:

                                                         

  • An issue that prevented HTTPS servers with certain SSL configurations from being fingerprinted correctly has been resolved.
  • The application now fingerprints the Microsoft DNS service without credentials.

Recurring coverage | content

                                                         

New and updated vulnerability checks help you protect your environment against the latest threats. See all the operating systems and applications covered by these updates.

                                                     

Coming soon!

An improved, comprehensive scanning approach is coming soon for Nexpose users. The enhancement will enable you to do targeted scanning by applying different templates to the same site. This will streamline your workflow and cover use cases such as scanning the same assets for different types of vulnerabilities and accumulating the data from those different checks accordingly.

To learn more about this change, open the Welcome to Help page of the Nexpose Help, and open the link from the Coming soon! item in the What's new in Help? box.

 

Installer links, md5sum links, and virtual appliance links

Click here for the latest installer links, md5sum links, and virtual appliance links.

FAQ

For details about restarting Nexpose after updating and other update information, see Nexpose release FAQ.

 

Product Update IDs

 

  • Linux 64 | Update ID: 1893041253
  • Windows 64 | Update ID: 535537531

 

Content update

 

  • Update ID: 2131002197

 


   

This Rapid7® Nexpose® 5.11.13 release contains:

Accuracy improvement | content & product

Better accuracy of scan results helps you to assess your security posture and prioritize remediation more effectively:

                    
  • The accuracy of vulnerability checks for Windows kernel-level drivers has been improved. This affects the following advisories: MS14-079, MS14-058, MS14-045, MS14-039, MS14-015, MS14-003, MS13-101, MS13-081, MS13-076, MS13-053, MS13-046, MS13-036, MS13-016, MS13-005, MS12-078, MS12-075, MS12-055, MS12-047, MS12-041, MS12-018, MS12-008, MS11-087, MS11-084, MS11-077, MS11-054, MS11-041, MS11-034, MS11-012, MS10-98, MS10-073, MS10-048, and MS10-032.

Installer links, md5sum links, and virtual appliance links

Click here for the latest installer links, md5sum links, and virtual appliance links.

FAQ

For details about restarting Nexpose after updating and other update information, see Nexpose release FAQ.

Product Update IDs

  • Linux 64 | Update ID: 1601037038
  • Windows 64 | Update ID: 4155405468

Content update

  • Update ID: 3216031281

Attachments

    Outcomes