Tenable Identity Exposure 2025 On-Premises Release Notes
Tip: You can subscribe to receive alerts for Tenable documentation updates.
These release notes are listed in reverse chronological order.
Tenable Identity Exposure 3.77.9 (2025-02-20)
Enhancement
-
Tenable Identity Exposure streamlined the rollback process to effectively revert the environment to its previous state, ensuring no residual clutter or inconsistencies remain.
New Prerequisite: Ensure the storage manager has at least 20 GB of available disk space before initiating the rollback procedure. For information, see Resource Sizing in the Tenable Identity Exposure User Guide.
Bug Fixes
Tenable Identity Exposure version 3.77.9 contains the following bug fixes:
| Bug Fixes |
|---|
| The audit.csv file from the IoA listener module installs correctly. |
| Tenable Identity Exposure improved the retrieval method for the install location and ensured that all Cleanup_* custom actions do not cause installation or upgrade failures if they return an error. Additionally, Tenable Identity Exposure enforced non-interactive execution for custom actions to prevent confirmation prompts during installation. |
| Tenable Identity Exposure enhanced application resilience with proper handling of RabbitMQ channel errors during message publishing. |
| Tenable Identity Exposure enhanced the access list permissions of the updater folder to prevent access by any malicious users. |
| Tenable Identity Exposure resolved a broken authorization schema in the Indicator of Attack script and configuration. |
| Tenable Identity Exposure addressed a Credential Disclosure vulnerability to prevent administrators from extracting stored SMTP account credentials. |
| The GoldenTicket Indicator of Attack (IoA) now raises an alert when the attacker uses the forged TGT ticket in basic mode. |
| The Dangerous Kerberos Delegation Indicator of Exposure (IoE) now includes all incriminating attributes relative to orphaned SPN. |
| Tenable Identity Exposure now prevents unauthenticated calls with internal services from being saved in activity logs, ensuring clearer and more accurate log records. |
| Tenable Identity Exposure autocompletes the Security Engine Node (SEN) IP address with the fully qualified domain name (FQDN) when the customer's certificates contain only DNS names. |
| Tenable Identity Exposure improved the Windows event log parsing speed, preventing the product from accumulating lag. You must redeploy Indicators of Attack to benefit from this change. |
| Tenable Identity Exposure resolved environment variables restoration when upgrading the Security Engine Node (SEN). |
| Tenable Identity Exposure now terminates the previous updater.exe process using a scheduled task during auto-update. |
| The Tenable Identity Exposure name appears correctly in the user interface. |
| The OS Credentials Dumping IoA now correctly resolves source IP, source hostname, and target IP when the attack is triggered by NTAUTHORITY\SYSTEM. |
| Tenable Identity Exposure now considers the list of privileged PSOs from security profiles, resolving the IoE Application of Weak Password Policies on Users with the reason "No privileged PSOs are applied on the domain" when this option is configured. |
| Tenable Identity Exposure resolved the handling of the lockout threshold and lockout duration options in the Application of Weak Password Policies on Users IoE. It is now possible to allowlist deviances when you set their values to 0. |
| The Health Check page now displays even if one of the registered forests contains a backslash in the user name. |
| Tenable Identity Exposure no longer prevents crawling from succeeding if the sensitive data collection isn't properly configured. |
Updated Software Dependencies
| Software Name | Pre-upgrade | Post-upgrade |
|---|---|---|
| Tenable Identity Exposure | 3.77.6 | 3.77.9 |
| C++ 2015-2019 Redistributable | 14.38.33135.0 | 14.38.33135.0 |
| .NET Windows Server Hosting | 8.0.11.24521 | 8.0.12.24603 |
| IIS URL Rewrite Module 2 | 7.2.1993 | 7.2.1993 |
| Application Request Routing 3.0 | 3.0.5311 | 3.0.5311 |
| NodeJS | 20.18.1.0 | 20.18.2.0 |
| Erlang OTP | 26.2.5.5 | 26.2.5.6 |
| Rabbit MQ | 4.0.3 | 4.0.3 |
| SQL Server | 15.0.4405.4 | 15.0.4415.2 |
| OpenSSL | 3.3.2 | 3.3.2 |
| Envoy | 1.29.10 | 1.29.12 |
| Handle | 5.0.0 | 5.0 |
| Curl | 8.11.0 | 8.12.0 |