• 6.5.94 Product Update 2019-12-11

    • New

      • Defense Information Systems Agency (DISA) Policy Content
        • We added the following new DISA benchmarks:
          • Adobe Acrobat Reader DC Classic Track STIG Benchmark - Ver 1, Rel 6
          • Adobe Acrobat Reader DC Continuous Track STIG Benchmark - Ver 1, Rel 5
          • Google Chrome for Windows STIG Benchmark - Ver 1, Rel 13
          • MS DotNet Framework 4 STIG Benchmark - Ver 1, Rel 6
          • McAfee VirusScan 8.8 Local Client STIG Benchmark - Ver 1, Rel 2
          • McAfee VirusScan 8.8 Managed Client STIG Benchmark - Ver 1, Rel 3
          • Microsoft Excel 2010 STIG Benchmark - Ver 1, Rel 2 (SCC tool use only)
          • Microsoft Internet Explorer 10 STIG Benchmark - Ver 1, Rel 9
          • Microsoft Internet Explorer 11 STIG Benchmark - Ver1, Rel 13
          • Microsoft Office System 2013 STIG Benchmark - Ver 1, Rel 5 (SCC tool use only)
          • Mozilla Firefox STIG for Windows Benchmark - Ver 1, Rel 4
          • Mozilla Firefox for RHEL STIG Benchmark - Ver 1, Rel 4
          • Windows Defender AV STIG Benchmark - Ver 1, Rel 4
          • Microsoft Windows Firewall STIG Benchmark - Ver 1, Rel 7
        • We also updated the following existing DISA benchmarks:
          • Microsoft Windows 2008 DC STIG Benchmark - Ver 6, Rel 44
          • Microsoft Windows 2008 MS STIG Benchmark - Ver 6, Rel 44
          • Windows Server 2012 and 2012 R2 DC STIG Benchmark - Ver 2, Rel 18
          • Windows Server 2012 and 2012 R2 MS STIG Benchmark - Ver 2, Rel 17
          • Solaris 11 X86 STIG Benchmark - Ver 1, Rel 13
          • Solaris 11 SPARC STIG Benchmark - Ver 1, Rel 13
      • Microsoft Patch Tuesday coverage: This release includes updated scan coverage for December 2019.

      Improvements

      • We updated our Cisco IOS vulnerability checks to account for whether affected services and features are enabled. This reduces the number of vulnerabilities reported against systems that are unpatched but configured to not be directly exploitable.

      Fixes

      • We updated the Automation-Assisted Patching with Microsoft SCCM Automation template. This updated template contains a fix to the logic that checks if a device exists in SCCM. To ensure that your workflow includes this fix, you must create a new workflow from the Automation-Assisted Patching with Microsoft SCCM template. No connection updates are required. For complete overview and procedural instructions for this workflow, see the Microsoft SCCM - Automation-Assisted Patching Help page.
      • We corrected an APIv3 documentation error with the /administration/info endpoint.
      • We resolved several false positives that could occur with our Adobe Acrobat and Reader vulnerability checks for APSB19-49.
      • We fixed an issue that prevented users from editing the configuration of a saved Policy Details report when certain policies were included in it.
      • We resolved false negatives for APSB19-18 that could occur with classic editions of Adobe Reader.
      • We fixed an issue that could prevent the Scan Engine from connecting to Cisco IOS XR devices over SSH.