Fleet 4.40.0 is live. Check out the full [changelog](https://github.com/fleetdm/fleet/releases/tag/fleet-v4.40.0) or continue reading to get the highlights.
For upgrade instructions, see our [upgrade guide](https://fleetdm.com/docs/deploying/upgrading-fleet) in the Fleet docs.
Fleet has introduced an enhancement by adding new osquery [tables](https://fleetdm.com/tables) into
the `fleetd` daemon, expanding the range of queryable data points for Fleet users. This development
aligns with Fleet's values of openness and ownership, harnessing the collective intelligence of the
osquery community and thinking long-term. Users can now utilize an enriched dataset from
community-driven extensions, enabling them to query and gather detailed data on various aspects of
their devices, such as FileVault status for macOS, Firefox preferences, the status of Windows
updates, and more.
### RSR version in host details
Fleet continues to iterate by incorporating Apple's macOS [Rapid Security Responses](https://support.apple.com/en-us/102657) (RSRs) into the host details. This feature, accessible through the user interface, REST API, or CLI, provides users with visibility into which macOS hosts have received the latest security patches. RSRs are an innovative approach by Apple to enhance security by delivering crucial updates swiftly and efficiently without necessitating a system restart.
These RSRs address various critical security issues that may affect Safari, WebKit, system libraries, or other components, including patches for vulnerabilities known to be exploited in the wild. By integrating this information into Fleet, administrators can ensure their managed devices are always up to date with the latest protections. It underscores Fleet's commitment to rooting out bottlenecks to empower IT professionals to maintain robust security standards across their device fleet. Incorporation of RSR information into host details enables organizations to leverage this proactive defense mechanism, aligning with the value of resilience in an ever-evolving threat landscape.
### CIS Benchmarks for Windows 10 updates
_Available in Fleet Premium and Fleet Ultimate_
Fleet has expanded its security capabilities for Windows 10 Enterprise by incorporating updates and additions to the CIS (Center for Internet Security) [benchmark policies](https://fleetdm.com/docs/using-fleet/cis-benchmarks). These benchmarks represent a consensus-driven set of best practices designed to mitigate a broad range of common vulnerabilities and are considered a cornerstone in hardening environments.
New policies include hardening measures such as disabling Internet Explorer 11 as a standalone browser to reduce the attack surface, enabling Administrator account lockout to prevent brute force attacks, and configuring RPC (Remote Procedure Call) settings to enforce packet-level privacy and authentication, thus elevating the security of inter-system communications. Additionally, adjustments such as disabling NetBIOS over public networks further protect against unnecessary exposure of system services.
Updates also reflect changes from the latest Windows 11 Release 22H2 Administrative Templates. For example, the 'Turn on PowerShell Transcription' setting has been updated from 'Disabled' to 'Enabled,' providing a more secure default state by ensuring that all PowerShell commands are logged, which is crucial for auditing and forensic activities.
These updates provide security administrators with enhanced tools and configurations to ensure their Windows 10 Enterprise machines are fortified against the latest security challenges, maintaining a robust defense against potential vulnerabilities.
## Changes
* **Endpoint operations**:
- New tables added to the fleetd extension: app_icons, falconctl_options, falcon_kernel_check, cryptoinfo, cryptsetup_status, filevault_status, firefox_preferences, firmwarepasswd, ioreg, and windows_updates.
- CIS support for Windows 10 is updated to the lates CIS document CIS_Microsoft_Windows_10_Enterprise_Benchmark_v2.0.0.
* **Device management (MDM)**:
- Introduced support for MS-MDM management protocol.
- Added a host detail query for Windows hosts to ingest MDM device id and updated the Windows MDM device enrollment flow.
- Implemented `--context` and `--debug` flags for `fleetctl mdm run-command`.
- Support added for `fleetctl mdm run-command` on Windows hosts.
- macOS hosts with MDM features via SSO can now run `sudo profiles renew --type enrollment`.
- Introduced `GET mdm/commandresults` endpoint to retrieve MDM command results for Windows and macOS.
-`fleetctl get mdm-command-results` now uses the new above endpoint.
- Added `POST /fleet/mdm/commands/run` platform-agnostic endpoint for MDM commands.
- Introduced API for recent Windows MDM commands via `fleetctl` and the API.
* **Vulnerability management**:
- Added vulnerability data support for JetBrains apps with similar names (e.g., IntelliJ IDEA.app vs. IntelliJ IDEA Ultimate.app).
- Apple Rapid Security Response version added to macOS host details (requires osquery v5.9.1 on macOS devices).
- For ChromeOS hosts, software now includes chrome extensions.
- Updated vulnerability processing to omit software without versions.
- Resolved false positives in vulnerabilities for Chrome and Firefox extensions.
* **UI improvements**:
- Fleet tables in UI reset rows upon filter/search/page changes.
- Improved handling when deleting a large number of hosts; operations now continue in the background after 30 seconds.
- Added the ability for Observers and Observer+ to view policy resolutions.