Expanded CVE detection
We added vulnerability detection for more platforms and improved existing platforms.
New Microsoft application CVE detection
Expose additional critical vulnerabilities on your workstations and servers with new application vulnerability detection for Microsoft Edge, .NET Framework, and Visual Studio Code. Mondoo automatically flags vulnerable releases on the asset's Software tab. Links to relevant CVEs and Microsoft KB advisories help you understand the risk of outdated software releases in your environment.
New Pop!_OS CVE support
Mondoo now identifies vulnerabilities in Pop!_OS, the Ubuntu-derived distribution for System76 laptops.
Improved VMware vSphere advisory & CVE detection
We expanded VMware vSphere advisory and CVE detection to ensure you always have the latest advisories and vulnerabilities flagged on both ESXi and vSphere assets.
New Ubuntu 24.04 EOL and CVE support
Mondoo now detects the end-of-life date for the upcoming Ubuntu 24.04 release as well as package CVE data. Although the Ubuntu release doesn't come out until April, we want you to be secure from day one.
Improved software vulnerability experience
Find critically outdated software faster with improvements to the Software tab for assets. New quick filter buttons let you select between OS packages and applications. Badges help you narrow down risk with EPSS/CVSS3 scores.
More source information for CVEs
For vulnerabilities that have known exploits in the wild, Mondoo now provides a link to the external citation from the CVE page.
- For software vulnerabilities listed in the CISA Known Exploited Vulnerability (KEV) database.
- For software vulnerabilities listed in Metasploit, Mondoo now provides a link to the Metasploit source repository.
See the top vulnerabilities for a space
Each space overview now shows the top vulnerability in the space, as determined by the ratio of impacted assets and CVSS score.
Performance
We paid extra attention to performance in February. To make sure you get the best security results without waiting, we refactored how Mondoo initiates scans, compiles CVE data, and executes the shell.
We cut large asset scan times in half! And we dramatically improved memory usage at the same time—from ~950 MB to just ~200 MB.
For some platforms, we improved performance even more:
- GitHub organization scans are an additional 5x faster.
- Azure subscription scans are an additional 3x faster.
- Slack user queries for large workspaces are up to 25x faster.
New and expanded resources
This past month we added new resources and resource fields to give you access to even more asset data.
New sshd.config.blocks field
The ssh.config resource now includes a new blocks field that lets you query configuration data defined in individual SSHD match groups.
For example, suppose you have an SSHD configuration file with a match group for sftp-users:
...
X11Forwarding yes
Match Group sftp-users
X11Forwarding no
PermitRootLogin no
AllowTCPForwarding yesPreviously, the sshd.config.params field showed you both instances of the X11Forwarding configuration without the context necessary to understand where this configuration is applied:
> sshd.config.params.X11Forwarding
"no,yes"Now using blocks you can see exactly which users get each configuration option:
> sshd.config.blocks { criteria params }
sshd.config.blocks: [
0: {
criteria: ""
params: {
X11Forwarding: "yes"
...
}
}
1: {
criteria: "Group sftp-users"
params: {
AllowTcpForwarding: "yes"
PermitRootLogin: "no"
X11Forwarding: "no"
}
}
]More resource additions and improvements
The guidance you need for smart security decisions
This past month we invested our time in making sure you have access to the information you need to make the most important security improvements. We made it easier to identify your patching priorities. We gave you access to more data on your assets. And we do it all faster and with less memory!
If you're not already benefiting from the security intelligence that Mondoo provides, now is a great time to start.
