We are pleased to announce the availability of CORE Impact v2013 R2.2 for our customers. This update builds upon the recent 2013 R2.1 release and adds more than 20 new updates to the product.
So, what's new in R2.2?:
- published an exploit for Microsoft Office TIFF 0-day (CVE-2013-3906) http://blogs.technet.com/b/srd/archive/2013/11/05/cve-2013-3906-a-graphics-vulnerability-exploited-through-word-documents.aspx http://blogs.mcafee.com/mcafee-labs/mcafee-labs-detects-zero-day-exploit-targeting-microsoft-office-2
- Client-side attacks are now much more robust thanks to improvements in the agent process injector
- Added enhancements to trojan agents so they now have improved reliability and are more resistant to detection by Kaspersky antivirus
- Retina integration revisited and improved
- Added integration support for Metasploit 4.8 * Improvements to the Identity Verifiers heuristic, adding capabilities to use the username as a possible value for the password
- Resolved an issue that was raised in Remediation Validation.
Identity Verifiers are now correctly marked as solved when remediated Plus more than 10 new/updated exploits for targets such as Mac OS X samba, Sophos antivirus and Microsoft Word. As usual, all customers can update to the new version from 2013 R2 by simply performing a "Get Updates" from within their copy of CORE Impact. Your feedback and questions are greatly appreciated. Please send us your questions and suggestions that will help us develop an even better solution to you. Pablo Andres Rubinstein – Director of QA and L3 for Impact Professional