Updates to Python Installed Packages detection for Windows
Summary
Tenable’s plugin to enumerate installed Python packages on Windows targets will be re-enabled after addressing issues that impacted some systems.
Change
Before this update, plugin 181215, Python Installed Packages (Windows), was disabled. The plugin searches the filesystem of a Windows scan target to find installed Python packages and enumerate them, so that vulnerabilities in the packages can be detected. The plugin was designed to search at a filesystem depth that would result in the most thorough discovery of these packages.
The plugin inadvertently exposed an issue with some Microsoft Entra ID-joined Windows assets, whose authenticated sessions within Microsoft 365 applications like Teams and Office were maintained by “broker” files. When these files were observed during a scan, the brief filesystem lock would cause the authenticated sessions to permanently fail until the broker plugin was reinstalled. This issue was documented in this Tenable KB article.
In the two years since this issue was identified, Tenable Research has updated the plugin code and performed exhaustive testing to ensure the files would be ignored:
- The depth of filesystem directory recursion was reduced;
- The directories on disk where these files sit were explicitly excluded from scans.
Testing included scans against Entra ID-joined machines with authenticated Microsoft 365 apps, and no recurrence of the prior issue was observed.
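An added sketch of the two mitigations listed above (not Tenable's plugin code, which this page does not show): a depth-limited walk that prunes excluded directories before descending and reads package names and versions from `*.dist-info` directory names without opening any file. The depth limit and the excluded directory name are placeholders, because the page does not publish the real values.

```python
import os
import tempfile

# Placeholders for illustration: the real depth limit and excluded paths
# are not given on this page. Excluded names are compared in lowercase.
MAX_DEPTH = 4
EXCLUDED_DIRS = {"excluded-broker-dir-placeholder"}


def find_packages(root, max_depth=MAX_DEPTH, excluded=EXCLUDED_DIRS):
    """Return sorted (name, version) pairs from *.dist-info directory names.

    Only directory listings are read; no file is opened. Directories
    deeper than max_depth below root, or named in excluded, are never listed.
    """
    found = set()
    root = os.path.abspath(root)
    base = root.rstrip(os.sep).count(os.sep)
    for current, dirs, _files in os.walk(root, topdown=True):
        depth = current.rstrip(os.sep).count(os.sep) - base
        for d in dirs:
            if d.lower().endswith(".dist-info"):
                name, _, version = d[: -len(".dist-info")].rpartition("-")
                if name and version:
                    found.add((name, version))
        if depth >= max_depth:
            dirs[:] = []  # depth limit reached: stop descending here
        else:
            # Editing dirs in place prunes before os.walk enters a directory.
            dirs[:] = [d for d in dirs
                       if d.lower() not in excluded
                       and not d.lower().endswith(".dist-info")]
    return sorted(found)


def build_sample_tree(root):
    """Constructed sample layout, not taken from a real host."""
    for rel in (
        "Python312/Lib/site-packages/requests-2.31.0.dist-info",
        "AppData/excluded-broker-dir-placeholder/lib/hidden-1.0.dist-info",
        "a/b/c/d/e/deep-9.9.dist-info",
    ):
        os.makedirs(os.path.join(root, *rel.split("/")))


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(find_packages(tmp))
```

Raising `max_depth` or emptying `excluded` brings the other two sample packages back into the result, which shows the coverage each mitigation trades away.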
After the update, this plugin will once again be available for customers, so that Python packages can be enumerated on their Windows machines.
Impact
Reports of detections and vulnerabilities for Python packages on Windows machines will show in scan results.
Plugin
181215 - Python Installed Packages (Windows)
Target Release Date
November 4, 2024