The recent Exchange vulnerabilities are covered already by authenticated, unauthenticated and active remote checks. However these VTS are only available in the GSF and not in the community feed.
Lukas,
Thanks. I took a look at this, but it seems the service is for GVM running in the cloud? I don’t see an option to just pay for access to the more updated feed. Which is what I would like to be able to do.
As Microsoft Exchange is more an enterprise product (yes, some SOHO might running it as well but overall it is an Enterprise product) there are AFAIK no plans to make the related VTs available in the community feed.
That’s disappointing. I can understand and respect the business model behind having the most recent NVTs in a paid only feed, but expected anything that went into that feed would eventually be moved into the community feed. I also find it rather irresponsible in a community sense that a vulnerability such as this would NOT be released into the community. For the same reason you state. There are probably not that many MS Exchange servers in the SOHO environment. But those environments are the ones that would most need to have this NVT to let them know they have a serious vulnerability as they are less likely to have someone paying close attention to cyber security news. Especially with the level of activity this vulnerability is seeing from the cybercrime arena. You’re also making what I think is an incorrect assumption that the community edition is only being used in SOHO environments. I would rather expect the responsible thing to do would be to release NVTs for the more serious vulnerability to the community faster than normal. In the end, that sort of activity would benefit the community as whole and as a bonus would be an excellent PR move for Greenbone.
Can’t say much on the other parts because it is not my decision which VTs are reaching which feed.
I just wanted to clarify this:
I never have written that the community edition is only being used in SOHO environments. I only pointed out that VTs which are targeting vulnerabilities for Enterprise products (Microsoft Exchange is definitely one of such products. But there is a slight chance that it is running on SOHO environments as well, this was what i have written but could have been misunderstood) will only put into the commercial GSF feed.
AFAIK this is clearly defined in various online resources provided by Greenbone. If you like i could post them on request.
Our virtual machine GSM Trial (formally known as Greenbone Community Edition) is only a testing version for private personal usage. It is NOT intended to be used in companies or enterprise environments.
The Greenbone Community Feed has no guarantees about inclusion of any VT and timelines. If you are in a professional environment and have such a requirement you should really think about using one of our products.
Despite personally I would love to see this specific VT in the community edition we have clearly stated that enterprise software is only covered in our paid product. This is common problem having a business with free software. If you are using our completely free version there is a downside.
While I accept this reasoning, buying the product is very difficult from your site. Apparently one needs to go via a partner to get a price quote. If buying the product directly from Greenbone is possible, please do provide me with the details on how to do that.
While I accept this reasoning, buying the product is very difficult from your site. Apparently one needs to go via a partner to get a price quote. If buying the product directly from Greenbone is possible, please do provide me with the details on how to do that.
Please send your inquiry to sales@greenbone.net - our sales team will be happy to help you with any questions regarding our product lines and pricing.
However, the GCF receives no new NVTs for features for enterprise environments since September 4th 2017. This distinction is regarded an adequate balance between community needs and commercial needs.
Hi @immauss - thank you for your interest in our products and services! If you only want to test the security feed to check if it finds the MS Exchange vulnerability on your devices, then you can request a test key here and test the feed 14 days for free! Free Trial - Greenbone Networks
In case you are interested in a professional or long-term solution, please contact sales@greenbone.net - they will be happy to help you.
