Nexpose release announcements for January 2016

Document created by Rapid7 Learning Team Employee on Jan 5, 2016Last modified by Rapid7 Learning Team Employee on Jan 27, 2016
Version 11Show Document
  • View in full screen mode

To help you protect your environment against ever-evolving security threats, Rapid7 releases coverage updates for Nexpose on a weekly basis. Product IDs and installer links are added the day of the release. This page contains detailed announcements for the most recent Nexpose coverage releases:


This Rapid7® Nexpose® 6.1.8 release includes:


Accuracy enhancements | content

Better accuracy of scan results helps you to assess your security posture and prioritize remediation more effectively:

  • We have addressed the manifestation of false positives for CESA-2011-0558 and CESA-2011-1424.


Coverage enhancements | content

New coverage expands your visibility into assets and threats in your environment:

  • New Center for Internet Security (CIS) policies now provide compliance coverage for Oracle Database 12c.


Recurring coverage | content

New and updated vulnerability checks help protect your environment against the latest threats. See all the operating systems and applications covered by these updates.

 

Installer links, md5sum links, and virtual appliance links

Click here for the latest installer links, md5sum links, and virtual appliance links.

 

Product Update IDs

  • Linux 64 | Update ID: 3294885920
  • Windows 64 | Update ID: 4180035615

Content update ID

  • Update ID: 3166896269

 


This Rapid7® Nexpose® 6.1.7 release includes:


Accuracy enhancements  | product

Better accuracy of scan results helps you to assess your security posture and prioritize remediation more effectively:

  • We have improved the accuracy in determining asset names by having authenticated scans of Unix-like systems utilize the hostname and uname -n commands to determine asset names.


Application enhancements | product

Changes to how the application integrates and presents scan data and performance enhancements to help you to manage security issues more effectively:

  • We have increased the robustness of post-scan report generation in multi-tenant environments.
  • We have improved the accuracy of the historical asset count in cases where vulnerability exceptions are applied to scopes that include deleted assets.
  • We have updated Data Retention to ensure scan data is deleted when it is specified as a scope in an existing report configuration.
  • We simplified the scheduling of scans and blackouts by basing them on the date chosen in the date selection tool.
  • We have resolved an issue that caused Data Warehouse to fail for imported assets.
  • We have decreased the time it takes to display the output when searching for reports.


Scanning enhancements | product

Better scan performance helps you to retrieve scan results more quickly with improved accuracy and more efficient use of resources:

  • We have reduced the memory used by a scan engine when performing authenticated scans of Windows assets.
  • The situation that caused low performance on Linux vulnerability checks by excessive parallelism has been resolved.
  • We have added a new feature which allows Windows services to be temporarily enabled for Windows assets while they are being scanned.


Accuracy enhancements | content

Better accuracy of scan results helps you to assess your security posture and prioritize remediation more effectively:

  • We have addressed the manifestation of false positives for MS11-020, MS10-054, and MS10-012.


Recurring coverage | content

New and updated vulnerability checks help protect your environment against the latest threats. See all the operating systems and applications covered by these updates.

 

Installer links, md5sum links, and virtual appliance links

Click here for the latest installer links, md5sum links, and virtual appliance links.

 

Product Update IDs

  • Linux 64 | Update ID: 4188105217
  • Windows 64 | Update ID: 1994641416

Content update ID

  • Update ID: 1709305154

 


This Rapid7® Nexpose® 6.1.6 release includes:

January Patch Tuesday checks | content

New vulnerability checks provide up-to-date Microsoft Patch Tuesday scan coverage for January 2016. For information about all current security bulletins covered in this release, see the Microsoft Security Bulletin Summary for January 2016. Use the checks in this update to verify that the latest Microsoft patches have been applied to system assets.

These checks help you determine where new risks are located in your environment, allowing you to prioritize what needs to be remediated and help minimize risk.


Accuracy enhancements  | product

Better accuracy of scan results helps you to assess your security posture and prioritize remediation more effectively:

  • We improved identification of needed Microsoft solutions by addressing the modified date of certain descriptors.
  • With the addition of a step to the Apache httpd solution chain, the Top Remediation Report now produces the correct solution.
  • The Windows obsolete version check was enhanced to include standard editions of Windows 2003 and Windows 2003 R2.
  • The accuracy of the http-generic-click-jacking vulnerability check was enhanced to minimize false positives.


Application enhancements | product

Changes to how the application integrates and presents scan data and performance enhancements to help you to manage security issues more effectively:

  • We have resolved an issue that prevented saving a report configuration when a sender email address was entered.
  • We have addressed an issue where toggling the engine/console communication setting from the user interface did not take effect.
  • We have resolved an issue where a Discovery Scan could result in an unknown operating system fingerprint.


Coverage enhancements | content

New coverage expands your visibility into assets and threats in your environment:

  • New Center for Internet Security (CIS) policies now provide compliance coverage for Windows 10.


Recurring coverage | content

New and updated vulnerability checks help protect your environment against the latest threats. See all the operating systems and applications covered by these updates.

 

Installer links, md5sum links, and virtual appliance links

Click here for the latest installer links, md5sum links, and virtual appliance links.

 

Product Update IDs

  • Linux 64 | Update ID: 4063864669
  • Windows 64 | Update ID: 1160353455

Content update ID

  • Update ID: 628930724

 


This Rapid7® Nexpose® 6.1.5 release includes:


Accuracy enhancements  | product

Better accuracy of scan results helps you to assess your security posture and prioritize remediation more effectively:

  • We have resolved an issue which may have caused vulnerability checks for Microsoft Security Bulletin MS11-069 to behave incorrectly. See Nexpose Two Factor Authentication.


Application enhancements | product

Changes to how the application integrates and presents scan data and performance enhancements to help you to manage security issues more effectively:

  • The product can now use two-factor authentication by generating a token and using Google Authenticator.


Recurring coverage | content

New and updated vulnerability checks help protect your environment against the latest threats. See all the operating systems and applications covered by these updates.

 

Installer links, md5sum links, and virtual appliance links

Click here for the latest installer links, md5sum links, and virtual appliance links.

 

Product Update IDs

  • Linux 64 | Update ID: 2786132006
  • Windows 64 | Update ID: 2461658765

Content update ID

  • Update ID: 1449475722

 

Attachments

    Outcomes