2.5.290 RC and older

2.5.290 RC

Here are the main changes rolling in with this new release candidate.

Frontend changes:

• Added the new Impact Filter feature 

Backend changes:

• Fixed Heimdal™ Next-Gen Antivirus & MDM bugs
• Refactored the Heimdal™ Privileged Access Management - Revoke local admin users feature
• Fixed information box erroneous time display for elevation in Heimdal™ Privileged Access Management

-------------------------------------------------------------------------------------------------------------------------------------

2.5.260 RC

Here are the main changes rolling in with this new release candidate.

Backend changes:

•  Heimdal™ Privileged Access Management bug fixes

-------------------------------------------------------------------------------------------------------------------------------------

2.5.250 RC

Here are the main changes rolling in with this new release candidate.

Backend changes:

•  Heimdal™ Privileged Access Management bug fixes

-------------------------------------------------------------------------------------------------------------------------------------

2.5.242 RC

Here are the main changes rolling in with this new release candidate from today (20.11.2019).

Backend changes:

• Fixed a bug occurring in the new Heimdal™ Email Security module where the engine stopped intercepting emails after a longer period of time running.

-------------------------------------------------------------------------------------------------------------------------------------

2.5.223 PROD

Here are the main changes rolling in with this new release candidate from today (20.11.2019).

Backend changes:

• Small hotfix for Heimdal™ Next-Gen Antivirus & MDM : it fixes a bug where the Heimdal™ Next-Gen Antivirus & MDM module freezes the computer if the customer deployed a later version of the agent or did not turn on the Heimdal™ Next-Gen Antivirus & MDM module since version 2.5.200.

-------------------------------------------------------------------------------------------------------------------------------------

2.5.240 RC

Here are the main changes rolling in with this new release candidate from today (22.10.2019).

Backend changes:

• Heimdal™ Email Security, our new email filter against Business Email Compromise, is now available as a module, available separately;
• A new Group Policy option that will allow users to cancel an on-demand scan with Heimdal™ Next-Gen Antivirus & MDM ;
• Active clients show warnings in the dashboard when Heimdal gets uninstalled from an endpoint;
• Improved security mechanism on the Dashboard;
• Display mode added in the accounts section for those with the visitor role – this will keep the dashboard session alive without logging you out, but the account implies a read-only mode;
• 3rd party Assets view - added the ability to hide the Microsoft products (since these logs can now take up most of the screen space);
• Priority update servers: This is a new ability to set certain endpoints from the ‘Active clients’ view in the dashboard to become ‘Priority update servers’, forcing other endpoints to retrieve updates from them rather than our internet servers. We also added a timeframe while the regular endpoints should wait if the priority update servers are not available before using the fallback to our internet servers (core services);
• Added a dashboard alert if the Windows Updates are not working on endpoints;
• The current group policy is now shown in the client specifics view in the dashboard;
• Windows Updates - added the ability to install Windows Updates by category, selectable from the group policy;
• DNS information added in client specifics view;
• Ability to call the Heimdal logs and event viewer to the dashboard (confirmation needed on the agent side, skip-able from the GP);
• Fixed issue with shortcuts if the "No GUI" option is ticked;
• Master group policy mode enhancements – there is a new option in GP named "Only merge with other AD group policies";
• Secondary motherboard serial added in the ‘Client specifics’ view in the dashboard – Some vendors store a secondary motherboard serial number);
• New dashboard API additions:
  - added a "Billed by purchased licenses" boolean value that the resellers can see for their customers; 
  - added a distributor level query in the customer’s API
  - ‘Active clients’ is now added in the API 
  - added the ability to filter the statistics in the API by "ClientInfoId"

2.5.172 PROD Update

On the 15^th of February, we have completed an update of Heimdal devices from 2.5.170RC to 2.5.190RC, including the production versions from 2.5.171 / 2.5.172 to 2.5.173.

More than 95% of the active machines are updated and we will continue to ensure that the rest are updated automatically.

The reason we’ve updated all the machines was a vulnerability that was disclosed at the beginning of February month.

2.5.172, 2.5.171 PROD / 2.5.170RC

Details about the issue fixed:

We solved a certificate vulnerability discovered in version 2.5.172 for Heimdal Thor Free, Thor Home and Thor Enterprise. 

It was confirmed that version 2.5.172 did not correctly validate the TLS certificates needed when communicating with the host “coreservice.heimdalsecurity.net”, which would allow a highly skilled attacker with network access to be able to see details like hostname, hard drive serial number and motherboard serial number. 

Due to the Certificate validation, an attacker could also alter the messages from the Heimdal servers and run custom scripts when Heimdal is installing software patches.

The patches are downloaded from a storage location that was also not secured by the certificate validation. Although the files are encrypted, they are checked based on the MD5 for integrity and authenticity from the server, and an attacker could change the MD5 from the server so it matches, thus having Heimdal execute malicious files.

The full list of affected versions is 2.5.170RC and 2.5.171, 2.5.172.

Thank you to Pen Test Partners LLP for bringing this to our attention.