Thema: Security-Scanner Nessus/Attack Surface Analyzer

[SiLæncer]

Attack Surface Analyzer is developed by the Microsoft Security Engineering Center (MSEC). It is the same tool used by Microsoft's internal product groups to catalog changes made to the operating system attack surface by installing new software.

MIT License

Whats new:>>

Add Ability to specify port for Gui command (#693)

https://github.com/microsoft/AttackSurfaceAnalyzer

[SiLæncer]

Whats new:>>

    The following are security updates included in Nessus 10.5.2:

    Updated libxml2 to 2.11.1.
    Updated libxslt to 1.1.37.

https://www.tenable.com/products/nessus/nessus-professional

[SiLæncer]

Whats new:>>

Update dependencies (#694)

https://github.com/microsoft/AttackSurfaceAnalyzer

[SiLæncer]

Whats new:>>

    Fix RegistryWalker ( #701 )
    Fix #696 ( #698 )
    Update Pipelines ( #695 )

https://github.com/microsoft/AttackSurfaceAnalyzer

[SiLæncer]

Whats new:>>

    Fixed an issue in which Tenable Nessus used excessive system memory while processing large scan DBs.
    Fixed an issue that caused plugin output to not show in compliance scans.
    Fixed plugin forking misbehaviors that caused excessive memory usage.
    Fix an installation failure issue that would occur when updating Tenable Nessus from 10.5.4 to 10.6.0 via msiexec.

https://www.tenable.com/products/nessus/nessus-professional

[SiLæncer]

Whats new:>>

Fix Sarif output of results with no rule match (#704)

https://github.com/microsoft/AttackSurfaceAnalyzer

[SiLæncer]

Whats new:>>

Update Dependencies ( #705 )

https://github.com/microsoft/AttackSurfaceAnalyzer

[SiLæncer]

Whats new:>>

    Security Updates:

    The following are security updates included in Tenable Nessus 10.6.2:
    Fixed a local privilege vulnerability.
    Fixed an issue that caused file name integer overflow in zlib 1.3.
    Updated OpenSSL to version 3.0.12.

    Bug Fix:

    Fixed an issue that affected report exports generated from scans with names containing characters that are unsupported by file systems.
    Fixed an issue where Tenable Nessus rules would incorrectly reject outbound TCP connections when a rule specifies a host name.
    Fixed a scan permissions issue in the scan configuration user interface.
    Fixed an issue that sometimes caused scanner instability when verifying credentials using OCSP.

https://www.tenable.com/products/nessus/nessus-professional

[SiLæncer]

Whats new:>>

    Fixed a local privilege escalation bug.
    Improved the URL parsing when running web application scans against internal hosts.

https://www.tenable.com/products/nessus/nessus-professional

[SiLæncer]

Changelog

    Tenable Vulnerability Management FedRAMP environments support Tenable Nessus scanners version 8.x and 10.4.0 and later.
    (Automatic upgrades only) If you upgrade Tenable Nessus to a version later than 10.5.0, the Tenable Nessus will first upgrade to 10.5.0 before it upgrades to the desired version.
    You can upgrade to the latest version of Tenable Nessus from any previously supported version.
    If your upgrade path skips versions of Tenable Nessus, Tenable recommends reviewing the release notes for all skipped versions to learn about new features and bug fixes.
    If you want your scanners to update to the newest version before the GA date automatically, set your Tenable Nessus Update Plan to Opt in to Early Access releases.
    If you want to update your scanners to the latest version before the GA date manually, disable automatic updates so the scanner does not automatically downgrade to the previous version.

[close]

https://www.tenable.com/products/nessus/nessus-professional