Callisto Help > > Callisto On Premise 22-06 Release Notes

Callisto On Premise 22-06 Release Notes

June 2022 Callisto release is CVE focussed.

  1. New datatable to show Cyber Essentials compliance data. Status of missing updates with critical CVEs associated and number of days since their release.
  2. New Vulnerabilities tab in device modal to list CVEs applicable to individual machines
  3. Improved reporting of CVE criticality using floating point rather than integers
  4. Improved handling of scenarios when MSRC API is offline, page will load much more quickly from cached data and notify this.

Cyber Essentials Data

The Cyber Essentials data table shows a status for each required update related to a Critical CVE. Following the release of an update Cyber Essentials states:

Requirements under this technical control theme
The Applicant must keep all its software up to date. Software must be:
• licensed and supported
• removed from devices when no longer supported
patched within 14 days of an update being released, where the patch fixes a vulnerability with a severity the product vendor describes as ‘critical’ or ‘high risk’

Callisto Security Analyst Dashboard will help meet this requirement by tracking required Microsoft updates associated with critical or high risk CVEs and reporting compliance state based on meeting this 14 day window.

Device Modal Changes

The new Vulnerabilities tab on the device modal updates pane lists all applicable CVEs, these are clickable to access the CVE modal directly.

CVE Criticality

The May release of Callisto CVE data table listed CVE criticality as an integer, this can mean that some non-critical CVEs are interprested as Critical as their base score gets rounded up. The new release renders these as floating point scores for more accurate reporting.

Offline API Handling

The Microsoft Security Research Center API service has occiasional outages, we've improved the code to detecet when the API is unavailable and have the dashboard fall back to cached data. A notification is shown in the portal when this occurs to ensure you know that you are not looking at live data.