Nexpose release announcements - February 2015

Document created by mglinski Employee on Mar 10, 2015
Version 1Show Document
  • View in full screen mode

To help you protect your environment against ever-evolving security threats, Rapid7 releases coverage updates for Nexpose on a weekly basis. Product IDs and installer links are added the day of the release. This page contains detailed announcements for the most recent Nexpose coverage releases:


   

 

This Rapid7® Nexpose® 5.12.6 release contains:

              

Application improvements | product

Improvements to how the application integrates and presents scan data, and how it performs overall, help you to manage security issues more effectively in your environment:

    • Action required: A Scan Engine update is required in order to install some back-end enhancements that will support upcoming features.
    • The page for an asset group now includes a scatter plot chart of assets by risk and number of vulnerabilities. This can help you prioritize your remediations.
    • The asset correlation algorithm for authenticated scans on Windows, Linux, and OS X devices now considers additional factors, leading to better accuracy in distinguishing assets.
    • Scan Engines will now be updated up to the console's version when automatic product updates are disabled. This ensures that an engine is not running an older version than the console with which it is paired.
    • The formatting of tables on the Assets page has been given an updated look and feel.
    • You now have the ability to change schedules on a site while another scheduled scan is paused.
    • You can now select the time zone in which a scan schedule will run.
                                         

Scanning improvement | product

Better scan performance helps you to retrieve scan results more quickly with improved accuracy and more efficient use of resources:

  • Concurrent scans can now be run on the same site, provided the schedules use unique scan templates.
                                              

Recurring coverage | content

                                            

New and updated vulnerability checks help you protect your environment against the latest threats. See all the operating systems and applications covered by these updates.

 

Installer links, md5sum links, and virtual appliance links

Click here for the latest installer links, md5sum links, and virtual appliance links.

FAQ

For details about restarting Nexpose after updating and other update information, see Nexpose release FAQ.

 

Product Update IDs

 

  • Linux 64 | Update ID: 3063294496
  • Windows 64 | Update ID: 1662213339

 

Content update

 

  • Update ID: 3590024915

   

 

This Rapid7® Nexpose® 5.12.5 release contains:

          

Accuracy improvement | content & product

Better accuracy of scan results helps you to assess your security posture and prioritize remediation more effectively:

                                         
  • We have added a new feature that improves the accuracy of chained vulnerability checks, particularly those for Microsoft coverage. Both content and product updates from the February 18, 2015, release are required; failure to update the product will result in false positive results for some Microsoft vulnerabilities.
                                           

Coverage improvement |  content

New coverage expands your visibility into assets and threats in your environment:

  • Coverage is now available for all product advisories for Cisco TelePresence.

Application improvements | content & product

Improvements to how the application integrates and presents scan data, and how it performs overall, help you to manage security issues more effectively in your environment:

  • Vulnerability exception tables on the Exceptions and Overrides and asset detail pages now load faster to reduce your review time.
  • We have corrected an issue that caused some custom reports to fail during report generation.
  • We have resolved an issue that caused the site identifier of assets to not be returned in the AssetGroupConfigResponse element in the API.
  • We have addressed an issue that could cause asset information not to update during scans for some assets, due to a bug that created duplicate operating system fingerprints in certain situations that affected a limited number of customers.
  • We have corrected an issue that could cause dynamic asset groups with Host type filters set to Unknown to not correctly update their membership after a scan completes.
  • We have addressed an issue that prevented discovery of Amazon AWS assets in some situations.
  • We have resolved an issue that prevented results from updating properly with scans that use exhaustive scan templates and have all ports enabled. This issue occurred in other circumstances, which also have been addressed.
                                                                                                      

Recurring coverage | content

                                          

New and updated vulnerability checks help you protect your environment against the latest threats. See all the operating systems and applications covered by these updates.

 

Installer links, md5sum links, and virtual appliance links

Click here for the latest installer links, md5sum links, and virtual appliance links.

FAQ

For details about restarting Nexpose after updating and other update information, see Nexpose release FAQ.

 

Product Update IDs

 

  • Linux 64 | Update ID: 787980439
  • Windows 64 | Update ID: 4053871457

 

Content update

 

  • Update ID: 487593046

         


   

 

This Rapid7® Nexpose® 5.12.4 release contains:

     

February Patch Tuesday checks | content

New vulnerability checks provide up-to-date Microsoft Patch Tuesday scan coverage for February 2015. For information about all current security bulletins covered in this release, see the Microsoft Security Bulletin Summary for February 2015. Use the checks in this update to verify that the latest Microsoft patches have been applied to system assets.

These checks help you determine where new risks are located in your environment, allowing you to prioritize what needs to be remediated and help minimize risk.

Application improvements | content & product

Improvements to how the application integrates and presents scan data, and how it performs overall, help you to manage security issues more effectively in your environment:

  • CSV Export templates that include the Vulnerability Proof column now insert a blank cell when no vulnerability proof is provided. This resolves an issue where some CSV exports would have some data in the wrong columns when viewed in Microsoft Excel and other tools.
  • The TLS/SSL Server Supports SSL version 3 (POODLE) vulnerability now includes the proof message as originally intended. The message will appear on scans conducted after the February 11, 2015, product update.

Coverage improvement |  content & product

New coverage expands your visibility into assets and threats in your environment:

  • The built-in CIS scan template now includes security configuration benchmarks for Oracle Solaris 11.
                              

Accuracy improvement | content

Better accuracy of scan results helps you to assess your security posture and prioritize remediation more effectively:

  • Unauthenticated check coverage is now available for Postfix. All vulnerabilities discovered in these unauthenticated scans are potential.
                                       

Recurring coverage | content

                                     

New and updated vulnerability checks help you protect your environment against the latest threats. See all the operating systems and applications covered by these updates.

 

Installer links, md5sum links, and virtual appliance links

Click here for the latest installer links, md5sum links, and virtual appliance links.

FAQ

For details about restarting Nexpose after updating and other update information, see Nexpose release FAQ.

 

Product Update IDs

 

  • Linux 64 | Update ID: 2436664677
  • Windows 64 | Update ID: 3444736561

 

Content update

 

  • Update ID: 2028628361

    


   

 

This Rapid7® Nexpose® 5.12.3 release contains:

Coverage improvements |  content

New coverage expands your visibility into assets and threats in your environment:

  • Coverage has been added for the Adobe Flash security bulletin APSB15-04.
                                                                                      

Recurring coverage | content

                           

New and updated vulnerability checks help you protect your environment against the latest threats. See all the operating systems and applications covered by these updates.

 

Installer links, md5sum links, and virtual appliance links

Click here for the latest installer links, md5sum links, and virtual appliance links.

FAQ

For details about restarting Nexpose after updating and other update information, see Nexpose release FAQ.

 

 

Product Update IDs

 

  • Linux 64 | Update ID: 2047367266
  • Windows 64 | Update ID: 2097583208

 

Content update

 

  • Update ID: 732924186

 


   

 

This Rapid7® Nexpose® 5.12.2 release contains:

Application improvements | product

Improvements to how the application integrates and presents scan data, and how it performs overall, help you to manage security issues more effectively in your environment:

  • The Modified Date column has been added to the Vulnerabilities table on the Vulnerabilities page. This allows you to quickly identify recently modified vulnerability checks.
  • The API now supports new scheduling features, including multiple schedules per site, the ability to set a scan template per schedule, and a means of defining a schedule without a start date.
  • We have addressed an issue introduced in the January 28, 2015, release that could cause the scan integration of an asset to fail under certain circumstances.
                                                                                   

Recurring coverage | content

                       

New and updated vulnerability checks help you protect your environment against the latest threats. See all the operating systems and applications covered by these updates.


Installer links, md5sum links, and virtual appliance links

Click here for the latest installer links, md5sum links, and virtual appliance links.

FAQ

For details about restarting Nexpose after updating and other update information, see Nexpose release FAQ.

 

Product Update IDs

 

  • Linux 64 | Update ID: 607870184
  • Windows 64 | Update ID: 1306559992

 

Content update

 

  • Update ID: 4201757258

Attachments

    Outcomes