Release Notes

New

• New remote check for SolarWinds SUNBURST: We added a remote check for the SolarWinds SUNBURST backdoor supply chain attack. Check out our blog post for the latest information, mitigation guidance, and updates as they become available.

Improved

• Updated Defense Information Systems Agency (DISA) policies: We updated the following DISA benchmarks:
  • Microsoft Windows Server 2019 STIG Benchmark - Ver 2, Rel 1
  • Microsoft Windows Server 2012 and 2012 R2 MS STIG Benchmark - Ver 3, Rel 1
  • Microsoft Windows Server 2016 STIG Benchmark - Ver 2, Rel 1
  • Microsoft Windows Server 2012 and 2012 R2 DC STIG Benchmark - Ver 3, Rel 1
  • Microsoft Windows 10 STIG Benchmark - Ver 2, Rel 1
  • Microsoft Windows Defender Antivirus STIG Benchmark - Ver 2, Rel 1
• Reduced scan times for Windows assets: The Scan Engine will now collect a reduced amount of registry data from Windows scan targets to improve scan times on those assets.

Fixed

• We fixed a false positive affecting our No authentication for single user mode vulnerability check.
• We fixed a validation issue in APIv3 that prevented the PUT /api/3/users/{id}/sites/{siteId} call from adding individual site access to a user that already has access to all asset groups.
• We fixed an issue that caused the Vulnerability Trends report to generate as a blank document.
• We fixed an issue that prevented Azure asset data from being stored properly in the Security Console.
• We fixed an issue with our Adobe Flash fingerprinting process that would lead to inaccurate results if the software was installed without any associated version information.
• We fixed an issue with our Nmap service enumeration-based PostgreSQL fingerprinting process that would lead to inaccurate results if the software was installed without any associated version information.