Research Release Highlights

Output Normalization and Compliance IDs

Change Summary: In an effort to normalize the output from the compliance plugins, and provide a consistent identifier for the output, we are releasing a patch to many of the compliance plugins that provides fixes for the following:

- Adds identifiers to many of the results for consistent tracking.
- Cleans up the end of output whitespace for actual policy values.
- Fixes to results output in order to identify warnings for errors and use of medium severity in checks more clearly.

All compliance plugins have been updated, with the exception of the Windows and SCAP/OVAL plugins.

Potential Impacts: Any customers that rely on exact content matches of actual values by using third party tools or custom audit files may have failed results following the update. This would include customers that use the known good functionality from tools that provide baseline or gold image auditing.

Target Release Date: 6 April 2020

Additional Notes: In the upcoming quarters we will be releasing more detailed updates to each plugin, which will include updating the Windows plugin.

__________________________________
Tenable Research Release Highlights are posted in advance of significant new releases or updates to existing plugins or audit files that are important for early customer notification.

Tenable releases coverage for Microsoft’s March 2020 Patch Tuesday

This month Microsoft again patched a massive number of CVEs in their March 2020 Patch Tuesday Update. 115 CVEs were patched this month, with just over half of those being fixes for elevation of privilege vulnerabilities. 26 of those 115 CVEs were rated as critical and 31 were remote code execution (RCE) vulnerabilities. This month’s patches include Microsoft Windows, Microsoft Office, Microsoft Edge, Internet Explorer, ChakraCore, Microsoft Exchange Server, Azure DevOps, Windows Defender, Visual Studio, Microsoft Office Services and Web Apps, Azure and Microsoft Dynamics.

You can read more about this and our breakdown of some of the most important CVEs from this month's Patch Tuesday by reading our blog.

Tenable releases coverage for Microsoft’s February 2020 Patch Tuesday

This month, Microsoft's Patch Tuesday includes patches for a staggering 99 CVEs across a variety of Microsoft products. This update contains 17 remote code execution flaws and 12 vulnerabilities rated as critical. This month’s updates include patches for Microsoft Windows, Microsoft Office, Microsoft Edge, Internet Explorer, Microsoft Exchange Server, Microsoft SQL Server, Microsoft Office Service and Web Apps, Windows Malicious Software Removal Tool and Windows Surface Hub.

An important fix this month is for CVE-2020-0674, a remote code execution vulnerability in Microsoft Internet Explorer. The flaw was first reported as a zero-day exploited in the wild in January. While an out-of-band advisory was released to offer mitigation steps, the release for February includes a patch for this flaw and several additional memory corruption flaws found in the Microsoft Scripting Engine.

You can read more about our analysis of some of the most important updates from this month's Microsoft Patch Tuesday on our blog.

Tenable releases coverage for December 2019 Microsoft Patch Tuesday

Microsoft closes out the last Patch Tuesday of 2019 with a smaller than usual number of CVEs getting patches. In this month's update, 36 CVEs were patched, with only 7 rated as critical.

One of the most important updates this month is CVE-2019-1458, an elevation of privilege vulnerability in Microsoft Windows that occurs when the Win32k component fails to properly handle objects in memory. An attacker who is able to log onto the system could execute a specially crafted application to exploit this flaw to run arbitrary code in kernel mode. Microsoft’s advisory notes this vulnerability has been exploited in the wild and, according to researchers Anton Ivanov and Alexey Kulaev of Kaspersky Lab, is connected to another zero-day exploit in Google Chrome that the researchers disclosed in November.

Follow along as we discuss some of the important updates released this month by reading our blog.

Release Date: 10 December 2019

Tenable releases coverage for October 2019 Microsoft Patch Tuesday

Microsoft’s October 2019 Patch Tuesday contains updates for 59 CVEs, only 9 of which are rated critical. With an unusually small number of CVEs patched this month, administrators can rejoice.

This month we highlight another remote code execution in the Remote Desktop Client. This has been a common theme lately as it appears Microsoft continues to audit code in the wake of BlueKeep and DejaBlue. We also cover some other important RCEs patched this month in the VBScript engine and the MSXML parser, to name a few.

Follow along as we discuss some of the important updates released this month by reading our blog.

Release Date: 8 October 2019

Tenable releases coverage for October 2019 Microsoft Patch Tuesday

Microsoft’s November 2019 Patch Tuesday contains updates for 74 CVEs, including 13 of which are rated critical. This includes a patch for an Internet Explorer vulnerability that has been seen exploited in the wild. This month’s release covers 16 remote code execution (RCE) vulnerabilities and 27 elevation of privilege (EoP) flaws across a variety of products. Additionally, Microsoft has patched an increased number of vulnerabilities in Hyper-V, a number of which were denial of service (DoS) flaws.

The following is a breakdown of the most important CVEs from this month’s release. Follow along as we discuss some of the more important CVEs in our blog.

As a reminder, Windows 7 support is set to be discontinued on January 14, 2020. We strongly recommend reviewing your network for hosts still running on Windows 7 and ensuring plans for migration are underway. Plugin ID 11936 (OS Identification) can be useful for identifying hosts that are still running on Windows 7.

Release Date: 12 November 2019

Unix MACOSX_DEFAULTS_READ custom plist path enhancement

Plugin: 21157 - Unix Compliance

Target Release Date: 18 Nov 2019

Change: Currently, the Unix MACOSX_DEFAULTS_READ check type only audits plist files in the default preference path, '/Users/username/Library/Preferences'. This enhancement allows for the specification of custom paths used in popular mobile device management (MDM) software packages, such as '/Users/username/Library/Managed Preferences/'.

To use the change in a custom audit, add the new flag 'managed_path' to each check needing the path.

Example:

    <custom_item>
      type         : MACOSX_DEFAULTS_READ
      description  : "Example check using a managed_path"
      regex        : "1"
      plist_item   : "HasMigratedDefaults"
      plist_name   : "com.apple.Terminal"
      plist_option : CANNOT_BE_NULL
      managed_path : "/Library/Managed\ Preferences/"
    </custom_item>

Existing audits will be unaffected by this change, and any check not requiring a new path will default to /Library/Preferences/ automatically.

New CIS Aliyun Linux 2 Benchmark v1.0.0

Summary: Customers using Aliyun Linux 2 (Alibaba Cloud Linux) can now measure their ECS compliance with the CIS Aliyun Linux 2 Benchmark v1.0.0 using Tenable audit files. This audit has been certified through CIS and can be viewed along with Tenable's other certified products at https://www.cisecurity.org/partner/tenable/.

CIS Benchmarks: CIS Aliyun Linux 2 Benchmark v1.0.0

Target Release Date: 8 Oct 2019

Additional Notes:

- CIS guidance assumes operations are being performed by the root user because unexpected results may be produced by non-root users using sudo.
- This audit includes Level 1 and Level 2 profiles.
- This audit will work for ECS based instances as well as virtual machines deployed using the on-prem virtual machine image.