Proofpoint On-Premises Release Notes version 7.14.3

Version 7.14.3

This document provides information about new features, issues that were discovered and fixed since the previous release, and any limitations of the release. It is important that you read this document before you install and configure this version.

For information about how to install and upgrade, see:

This version includes security fixes.

Version 7.14.3 or newer no longer supports SQL authentication between backend components and the database. Only Windows authentication (AD service account) is supported. Make sure you already have a well-defined user (AD service account) before starting installation or upgrade.

When upgrading, the Web Console component must be removed and the new version must be installed configured for Windows authentication via the Security Support Provider Interface (SSPI). It is not possible to upgrade in place from an older version configured with SQL authentication to a new version using SSPI.
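A pre-upgrade check that follows from the two paragraphs above: before moving to 7.14.3, confirm that no backend component is still configured with SQL authentication. The audit below is an added example written for these notes, not Proofpoint code, and it assumes ADO.NET-style connection strings (semicolon-separated `Key=Value` pairs); the server, database and account names in the sample strings are constructed placeholders.

```python
"""Flag SQL Server connection strings that still use SQL authentication.

Added example, not part of the Proofpoint product or its documentation.
Assumes ADO.NET connection-string syntax; the sample values are constructed.
"""

# Constructed samples (placeholders, not real hosts or accounts).
CONSTRUCTED_SQL_AUTH = (
    "Server=PLACEHOLDER-DB01;Database=PLACEHOLDER_DB;"
    "User ID=placeholder_sql_login;Password=PLACEHOLDER;"
)
CONSTRUCTED_SSPI = (
    "Server=PLACEHOLDER-DB01;Database=PLACEHOLDER_DB;Integrated Security=SSPI;"
)
CONSTRUCTED_MIXED = (
    "Server=PLACEHOLDER-DB01;Database=PLACEHOLDER_DB;"
    "Integrated Security=SSPI;User ID=leftover;Password=PLACEHOLDER;"
)


def parse_connection_string(conn):
    """Split 'Key=Value;Key=Value' into a dict with lower-cased keys."""
    pairs = {}
    for segment in conn.split(";"):
        segment = segment.strip()
        if not segment:
            continue
        key, sep, value = segment.partition("=")
        if not sep:
            raise ValueError(f"malformed segment: {segment!r}")
        pairs[key.strip().lower()] = value.strip()
    return pairs


def uses_windows_auth(pairs):
    """True when Integrated Security / Trusted_Connection requests SSPI."""
    for key in ("integrated security", "trusted_connection"):
        if pairs.get(key, "").lower() in ("sspi", "true", "yes"):
            return True
    return False


def has_sql_credentials(pairs):
    """True when a SQL login and/or password is embedded in the string."""
    return any(k in pairs for k in ("user id", "uid", "password", "pwd"))


def audit(conn):
    """Return 'ok' when the string relies on SSPI only, else a finding."""
    pairs = parse_connection_string(conn)
    sql_creds = has_sql_credentials(pairs)
    sspi = uses_windows_auth(pairs)
    if sql_creds and sspi:
        # The driver ignores the SQL login once SSPI is requested, but the
        # password is still a secret sitting in configuration: remove it.
        return "finding: SQL credentials present alongside Integrated Security; remove User ID/Password"
    if sql_creds:
        return "finding: SQL authentication is not supported in 7.14.3; switch to Integrated Security=SSPI"
    if sspi:
        return "ok"
    return "finding: no authentication mode specified"


if __name__ == "__main__":
    for sample in (CONSTRUCTED_SQL_AUTH, CONSTRUCTED_SSPI, CONSTRUCTED_MIXED):
        print(audit(sample))
```

Run it over every connection string the backend components use; only strings that come back `ok` are ready for the SSPI-only installer, and the AD service account named in those strings' host context must already exist with the database permissions it needs.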

New Features and Enhancements

User Data Cleanup

You can now delete all collected data of a specific user. This feature provides increased privacy for users, meeting GDPR "the right to be forgotten" requirements.

To access it, select Configuration > User Management > User Data Cleanup.

Only the Admin, Config Admin, and Settings Admin roles are allowed to delete collected data.

In the User Data Cleanup screen, enter the username of the user whose data you want to delete. When you click Submit Cleanup Request, the request is queued; the deletion itself runs offline as an asynchronous scheduled task, which by default is set to 9pm nightly.

You can follow the status of all requests in the Cleanup Requests Status table at the bottom of the screen. To clear cleanup requests that are no longer in progress, click Clear Completed/Failed Requests; any completed or failed deletion requests are removed from the screen.

Data in the following repositories for the selected user is deleted:

  • Activity tables

  • Alert tables (triggered Alerts - not Alert Rules)

  • Screenshots

  • User Risk Dashboard

  • User Activity Profile

  • Archive

  • Saved Sessions

See User Data Cleanup.

Supported Version Updates

.NET 6.0.16 is supported.

The Typical Installer (OneClick) has been removed and is no longer available when installing or upgrading Windows Agents.

Security Fixes (CVEs)

Insider Threat Management Server Authorization Bypass in SOAP Endpoints, CVE-2023-35998 (OIT-52)

CVE-2023-35998 describes a missing authorization check (CWE-862) in multiple SOAP endpoints that enables reading and writing of unauthorized objects via direct reference. Successful exploitation requires an attacker to first obtain a valid agent authentication token. A fix is available. This vulnerability has been assigned a CVSS score of 5.4 (Medium):

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Insider Threat Management Server Password Disclosure, CVE-2023-35600 (OIT-279, none for OIT-84 since Low)

CVE-2023-35600 describes an information disclosure vulnerability (CWE-200) in the Application Server that reveals the password for a private key used by macOS agents for mutual TLS. Successful exploitation requires an attacker to first obtain a valid agent authentication token. A fix is available. This vulnerability has been assigned a CVSS score of 5.7 (Medium):

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Insider Threat Management Server Improper Type Validation, CVE-2023-35602 (OIT-282)

CVE-2023-35602 describes an improper type validation error (CWE-1287) in the Application Server that a local attacker can use to exfiltrate arbitrary data from the environment. A fix is available. This vulnerability has been assigned a CVSS score of 5.5 (Medium):

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

ITM Windows Agent Insecure Filesystem Permissions, CVE-2023-2818

An insecure filesystem permission vulnerability in the Insider Threat Management Agent for Windows enables unprivileged users to influence agent monitoring. All versions before 7.14.3 are affected. Agents for macOS, Linux, and Cloud are unaffected. This vulnerability is identified by CVE-2023-2818 and has been assigned a CVSS score of 5.2:

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Resolved Issues

[Issue 584]: The issue in which the volume of log files on Windows became too large was resolved.

[Issue 878]: Performance when ingesting key-logging activity into the database was improved.

[Issue 873]: The warning text "Screenshot checksum verification failed" no longer displays in the Session Player when there was no actual checksum failure.

[Issue 673]: SQL queries are now captured correctly on Windows 11 as well, and appear in the DBA activity screen.

[Issue 883]: The Mac Agent was enhanced to shut itself down if its memory consumption exceeds a configurable threshold.

[Issue 906]: The issue in which Website Categorization was down because of an outdated self-test that required an update was resolved.

[Issue 901]: The Endpoint screen was updated to show the correct value in the OS version field for Linux endpoints.

[Issue 888]: The issue in which secondary authentication could be bypassed by typing special characters was resolved.

[Issue 882]: The System Preferences window no longer pops up frequently on Mac while the Agent is running.

[Issue 638]: Special characters can now be used in the password during SSPI authentication for the Website Categorization service.

[Issue 890]: When the Insider Threat Library (ITL) is entirely removed, the ITL version shown in the About screen is now "N/A (library was removed)" instead of "0.0.0.0".

[Issue 870]: The selected time zone mode (Server/Endpoint) in the Alert screen is now maintained when the view is switched to other Web Console screens.

[Issue 903]: "Add Console User/Group" pop-ups within the Console User screen were updated to show correctly in Chinese for Settings Admin and Config Admin roles.

[Issue 893]: The license screen was updated by removing all ObserveIT details that are no longer relevant.

[Issue 932]: The issue in which the Updater malfunctioned because of an expired JWT was resolved.

[Issue 824]: The message delay upon server login was resolved by optimizing the mechanism that fetches AD group members.