Nexpose Release Announcements for August 2016

Document created by S Tempest Employee on Aug 2, 2016Last modified by Michael Kriskovic on Aug 29, 2016
Version 6Show Document
  • View in full screen mode

To help you protect your environment against ever-evolving security threats, Rapid7 releases coverage updates for Nexpose on a weekly basis. Product IDs and installer links are added the day of the release. This page contains detailed announcements for the most recent Nexpose coverage releases:

 


This Rapid7® Nexpose® 6.3.10 release includes:


Accuracy enhancements | content & product

Better accuracy of scan results helps you to assess your security posture and prioritize remediation more effectively:

  • In order to address false positives, the application no longer flags systems with up-to-date versions of Google Chrome as having RC4 vulnerabilities.
  • We have improved fingerprinting accuracy of Cisco NX-OS systems.
  • We have improved fingerprinting accuracy of the Pepper Flash plugin for Google Chrome on Windows systems.
  • We have improved the SSH/Telnet banner detection on Cisco ASA devices.


Application enhancements | product

Improvements to how the application integrates and presents scan data, and how it performs overall, help you to manage security issues more effectively in your environment:

  • We have addressed an issue where the console could go into Maintenance Mode when activating a license after upgrading to version 6.3.9.
  • Scan schedules and blackouts that conflict with each other may now be saved if one is disabled.


Scanning enhancements |  product

Better scan performance helps you to retrieve scan results more quickly with improved accuracy and more efficient use of resources:

  • We have addressed an issue that could cause scans to terminate prematurely when fingerprinting McAfee virus definitions.


Recurring coverage | content

New and updated vulnerability checks help protect your environment against the latest threats. See all the operating systems and applications covered by these updates.

 

Installer links, md5sum links, and virtual appliance links

Click here for the latest installer links, md5sum links, and virtual appliance links.

 

Product Update IDs

  • Linux 64 | Update ID: 1784501993
  • Windows 64 | Update ID: 3750637712

This Rapid7® Nexpose® 6.3.9 release includes:


Application enhancements | product

Improvements to how the application integrates and presents scan data, and how it performs overall, help you to manage security issues more effectively in your environment:

  • We have enhanced credential and shared credential testing capabilities for systems configured with SNMPv1/v2 and SNMPv3.


Scanning enhancements | content & product

Better scan performance helps you to retrieve scan results more quickly with improved accuracy and more efficient use of resources:

  • We have limited the number of concurrent connections against Windows systems to improve scan performance over higher latency networks.


Accuracy enhancements | content & product

Better accuracy of scan results helps you to assess your security posture and prioritize remediation more effectively:

  • VMware ESX(i) fingerprinting has been updated to discover latest update versions of VMware ESX(i).
  • Accuracy of Adobe Flash plug-in fingerprinting has been improved for ActiveX, Microsoft Edge, and Mozilla Flash plug-ins on Windows.


Recurring coverage | content

New and updated vulnerability checks help protect your environment against the latest threats. See all the operating systems and applications covered by these updates.

 

Installer links, md5sum links, and virtual appliance links

Click here for the latest installer links, md5sum links, and virtual appliance links.

 

Product Update IDs

  • Linux 64 | Update ID: 4092883645
  • Windows 64 | Update ID: 3906972776

This Rapid7® Nexpose® 6.3.8 release includes:


Coverage for August Patch Tuesday exposures | content

New vulnerability checks provide up-to-date Microsoft Patch Tuesday scan coverage for August 2016. For information about all current security bulletins covered in this release, see the Microsoft Security Bulletin Summary for August 2016. Use the checks in this update to verify that the latest Microsoft patches have been applied to system assets.


Application enhancements | product

Improvements to how the application integrates and presents scan data, and how it performs overall, help you to manage security issues more effectively in your environment:

  • We have fixed an issue that caused the Security Console calendar to display events that spanned two months incorrectly when the user is viewing the second month.
  • We have fixed an issue that could prevent scan engine status from being updated immediately in the Security Console after the Scan Engine was restarted.
  • We have changed the name of the 'Scan Duration' column to 'Total Elapsed Scan Time'. The new column name enables users to clearly identify the total amount of time, which includes any idle time and active scan time, that has elapsed since the start of the scan.
  • We have fixed an issue that prevented more than 20 Discovery Connections from displaying at a time.
  • We have improved interoperability with stateful firewalls and stateful routers by enabling support for TCP keepalive when communicating between the Security Console and Scan Engine.


Scanning enhancements | content & product

Better scan performance helps you to retrieve scan results more quickly with improved accuracy and more efficient use of resources:

  • We have fixed a problem that causes a scan request to not be paused successfully.
  • We have resolved an issue that causes scans to hang when an asset does not support encrypted passwords using the CIFS protocol.


Accuracy enhancements | content & product

Better accuracy of scan results helps you to assess your security posture and prioritize remediation more effectively:

  • The vulnerability check for click jacking now evaluates the value of Content-Type in order to reduce false positives.


Recurring coverage | content

New and updated vulnerability checks help protect your environment against the latest threats. See all the operating systems and applications covered by these updates.

 

Installer links, md5sum links, and virtual appliance links

Click here for the latest installer links, md5sum links, and virtual appliance links.

 

Product Update IDs

  • Linux 64 | Update ID: 1750380391
  • Windows 64 | Update ID: 2653916627

This Rapid7® Nexpose® 6.3.7 release includes:


Application enhancements | product

Improvements to how the application integrates and presents scan data, and how it performs overall, help you to manage security issues more effectively in your environment:

  • The application will now write CPU/memory statistics to the scan log if enhanced logging is enabled.
  • We have resolved an issue that could prevent scan engine status from being updated immediately in the Security Console after the Scan Engine was restarted.


Accuracy enhancements | content & product

Better accuracy of scan results helps you to assess your security posture and prioritize remediation more effectively:

  • An issue that could cause false positives under certain scenarios when trying to detect readable CIFS shares has been resolved.


Recurring coverage | content

New and updated vulnerability checks help protect your environment against the latest threats. See all the operating systems and applications covered by these updates.

 

 

Installer links, md5sum links, and virtual appliance links

Click here for the latest installer links, md5sum links, and virtual appliance links.

 

Product Update IDs

  • Linux 64 | Update ID: 1223746672
  • Windows 64 | Update ID: 3622252944

 

1 person found this helpful

Attachments

    Outcomes