New

• We added a new Defense Information Systems Agency (DISA) policy that provides a STIG benchmark for Microsoft Windows 2008 R2 (Ver 1, Rel 33).
• We added vulnerability coverage for CVE-2019-18426 affecting desktop versions of WhatsApp on macOS and Windows.

Improvements

• We enhanced the proofs of policy rules to show more details.

Fixes

• We fixed an issue where an unauthenticated scan could overwrite asset inventory results that were produced by a prior authenticated scan or Insight Agent assessment. Affected asset inventory data could include unique identifiers, alternate addresses, the operating system, and records in the following tables:
  • Installed Software
  • Containers
  • Users and Groups
  • Databases
  • Files and Directories
• We fixed an issue that could cause delayed scan progress updates in the user interface of the Security Console.
• We updated the applicability check used by the CIS policy for Juniper Junos OS so that assessments will run against newer versions.