New

• Microsoft Patch Tuesday coverage. This release includes updated scan coverage for July 2022. Check out our blog post  for details.

• Remote Check. We added a remote check for CVE-2022-29499, an unauthenticated remote code execution vulnerability affecting Mitel MiVoice Connect.

• DISA Benchmarks. We added built-in support for the following DISA benchmarks:

  • Apache Server 2-4 UNIX Site STIG - version 2, release 2
  • Canonical Ubuntu 18.04 LTS STIG Benchmark - version 2, release 6
  • Canonical Ubuntu 20.04 LTS STIG Benchmark - version 1, release 2
  • Microsoft Windows Server 2012 R2 DC STIG Benchmark - version 3, release 3
  • Microsoft Windows Server 2016 STIG Benchmark - version 2, release 2
  • Microsoft Windows Server 2019 STIG Benchmark - version 2, release 2
  • Microsoft Windows Firewall STIG Benchmark - version 2, release 1
  • MS IIS 8-5 Site STIG - version 2, release 5
  • Oracle Linux 8 STIG Benchmark - version 1, release 1

Improved

• Custom Report Template. Custom Report Templates where vulnerability exceptions have been added now capture exceptions linked to an asset group.

• Scan Engine. The Scan Engine now excludes certain backup directories including the /var/lib/docker directory from authenticated scans. This fixes an issue where authenticated scanning of some Unix and macOS assets could cause the scan engine to run out of memory.

Fixed

• Password confirmation is now required for both current and new passwords. An error message displays if nothing is entered or does not match the previous entry.

• Volume licensed Microsoft Office products are no longer incorrectly identified as Microsoft 365.

• Version 2.3.0 of the Reporting Data Model the most_recently_discovered field of fact_asset_vulnerability_age is no longer affected by discovery or aggressive discovery scans.

  • Note: This change has since been reverted. For details, see the release notes for product version 6.6.153.