Jul 13, 2022 - 6.6.151

New

  • Microsoft Patch Tuesday coverage. This release includes updated scan coverage for July 2022. Check out our blog post for details.

  • Remote Check. We added a remote check for CVE-2022-29499, an unauthenticated remote code execution vulnerability affecting Mitel MiVoice Connect.

  • DISA Benchmarks. We added built-in support for the following DISA benchmarks:

    • Apache Server 2-4 UNIX Site STIG - version 2, release 2
    • Canonical Ubuntu 18.04 LTS STIG Benchmark - version 2, release 6
    • Canonical Ubuntu 20.04 LTS STIG Benchmark - version 1, release 2
    • Microsoft Windows Server 2012 R2 DC STIG Benchmark - version 3, release 3
    • Microsoft Windows Server 2016 STIG Benchmark - version 2, release 2
    • Microsoft Windows Server 2019 STIG Benchmark - version 2, release 2
    • Microsoft Windows Firewall STIG Benchmark - version 2, release 1
    • MS IIS 8-5 Site STIG - version 2, release 5
    • Oracle Linux 8 STIG Benchmark - version 1, release 1

Improved

  • Custom Report Template. Custom Report Templates where vulnerability exceptions have been added now capture exceptions linked to an asset group.

  • Scan Engine. The Scan Engine now excludes certain backup directories including the /var/lib/docker directory from authenticated scans. This fixes an issue where authenticated scanning of some Unix and macOS assets could cause the scan engine to run out of memory.

Fixed

  • Password confirmation is now required for both current and new passwords. An error message displays if nothing is entered or if the entry does not match the previous entry.

  • Volume licensed Microsoft Office products are no longer incorrectly identified as Microsoft 365.

  • In version 2.3.0 of the Reporting Data Model, the most_recently_discovered field of fact_asset_vulnerability_age is no longer affected by discovery or aggressive discovery scans.

    • Note: This change has since been reverted. For details, see the release notes for product version 6.6.153.