First monthly release of Autumn, mainly Netsec improvements, bug fixing release and groundwork preparation for the Autumn release (expected end of November 2020)


Copyright

© 2020 Outpost24® All rights reserved.

This document may only be redistributed unedited and unaltered. This document may be cited and referenced only if clearly crediting Outpost24® and this document as the source. Any other reproduction and redistribution in print or electronically is strictly prohibited without explicit permission.

Trademark

Outpost24® and OUTSCAN™ are trademarks of Outpost24® in Sweden and other countries.


Release Date: 2020-09-24

Version: G4.20-3.0


New Features

Netsec 

  • Enforced update refusal policy for if HIAB is not updated for long time
  • It is now possible to share customized report text with subusers

Bug Fixes and Minor Improvements

Netsec 

  • Improved Scanless (SLS) scheduling and Agent SLS
  • Improved implementation of multiple SMB domain scanning
  • Added Agent version to bug reporting for easier issue resolution
  • Fixed detecting OpenVPN product
  • Fixed delta information case for virtual host name
  • Fixed decryption issues with certificate on xmlapi and server
  • Fixed  Out of memory error when requesting findings through REST API (outscan-findings)
  • Fixed Agent Windows installer with a second drive with more free space
  • Fixed Filtering on updated does not work
  • Fixed Scheduling service starts normal scan on "Run discovery scan only"
  • Fixed API Key Disclosure false positive
  • Fixed Cisco parser when comparing versions
  • Fixed Features not synced when offline enrolling HIAB
  • Fixed Internal server error when cannot access Docker repository
  • Fixed detection of redhat samba
  • Fixed CVE-2020-0689 patch solution pulled back by Microsoft
  • Fixed CyberArk - Bulk Set Authentication issues
  • Fixed Scheduled scans not starting
  • Fixed  Outscan - Private API Key exposure False Positive
  • Fixed Office 2019 detection and some false positives
  • Updated solution for patches pulled by Microsoft
  • Added detection for Cisco Jabber (RCE Zero-Day)
  • Added windows 10 2004 build number to scripts
  • Added detection to CVE-2020-1472 (Zerologon)

Appsec

  • Fixed an issue that allowed customers in some scenarios, to scan more applications than their maximum license count when using Appsec Scale.  Any customer who exceed their license count will not be able to scan new unique applications until their total number of scanned applications is reduced to below the license count. However, customers who have been scanning more unique applications than their license would otherwise permit will be permitted to continue to scan those applications for the next ninety (90) days after the application license count will be fully enforced preventing any overage from being scanned.  We recommend customers check their license usage in the Portal, and should they discover they have been scanning more assets than licenses we recommend they contact their sales representative to discuss the matter.

Cloudsec

  • Fixed AWS Foundations Benchmark - 3.x check fail

End of Life Announcement

Elastic Workload Protector (EWP)

  • Official End of Life date: 30th September 2020
  • Official End of Support date: 31st December 2020