osquery 3.4.0 Release Notes

This tag is a Windows-only release containing various bug and vulnerability fixes, as well as numerous performance improvements. The processes table has been re-written so that it no longer uses WMI, and various parts of the Windows build system have been re-written to use the new buck build system. A critical deadlocking bug in the thread management system has been addressed, which allows osquery to use the TLS plugins without deadlocking on service restart.

Below are some of the highlights as they relate to the Windows release. This tag contains well over 250 commits, and considerably more was added than is detailed below. Review the full commit history since our last tag for details on everything that has changed.

Security Vulnerabilities

#5568 CVE-2019-3567 - osquery is now installed to Program Files to prevent a privilege escalation vulnerability
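The fix for CVE-2019-3567 relies on the install directory carrying the restrictive ACL that Program Files inherits. The PowerShell check below is an added example, not part of the osquery project or this release; it assumes the Windows service is named "osqueryd" (an assumption) and reports whether the service binary sits under Program Files and whether any non-administrative identity holds write rights on its directory.

```powershell
# Added example (not osquery project code). Assumes the service name "osqueryd".
$svc = Get-CimInstance Win32_Service -Filter "Name='osqueryd'"
if (-not $svc) { Write-Warning "osqueryd service not found"; return }

# PathName may be quoted and may carry arguments; extract the executable path only.
$pathName = $svc.PathName.Trim()
if ($pathName.StartsWith('"')) { $exe = $pathName.Split('"')[1] } else { $exe = $pathName.Split(' ')[0] }
$dir = Split-Path -Parent $exe
$programFiles = [Environment]::GetFolderPath('ProgramFiles')

$underProgramFiles = $dir.StartsWith($programFiles, [StringComparison]::OrdinalIgnoreCase)
Write-Host ("Service binary:      {0}" -f $exe)
Write-Host ("Under Program Files: {0}" -f $underProgramFiles)

# Identities that legitimately hold write rights on a Program Files subdirectory.
# CREATOR OWNER is the standard inherited entry and is listed to avoid a false positive.
$trusted = @('NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators',
             'NT SERVICE\TrustedInstaller', 'CREATOR OWNER')
$writeMask = [System.Security.AccessControl.FileSystemRights]::Write -bor
             [System.Security.AccessControl.FileSystemRights]::Modify -bor
             [System.Security.AccessControl.FileSystemRights]::FullControl

# Any Allow ACE granting write-class rights to an identity outside the trusted set
# would let that identity replace the service binary or its DLLs.
$risky = (Get-Acl -Path $dir).Access | Where-Object {
    $_.AccessControlType -eq 'Allow' -and
    ($_.FileSystemRights -band $writeMask) -ne 0 -and
    $trusted -notcontains $_.IdentityReference.Value
}
if ($risky) {
    Write-Warning "Install directory $dir grants write access to non-administrative identities:"
    $risky | Select-Object IdentityReference, FileSystemRights | Format-Table -AutoSize
} else {
    Write-Host "No non-administrative write access on $dir"
}
```

Run it from an elevated prompt after upgrading; a binary outside Program Files or a flagged ACE indicates a host that still has the pre-3.4.0 layout.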

Bug Fixes

#5421 - Address a deadlock regression in Windows dispatcher threads
#5304 - key_strength now correctly displays in certificates table

New Features

#5431 - Add Windows product version information to file table
#5400 - logical_drives table has been drastically refactored
#5454 - sid and hive columns added to the logged_in_users table
#5293 - Processes table now selectively generates columns, no longer uses WMI