Tenable plugin update takes down Nessus agents worldwide, similar to CrowdStrike
Take action: One more reminder of the risk of third-party, auto-updating software running as root on most of our infrastructure. First it was CrowdStrike, now it's Tenable. We put implicit trust in such programs because they are the *security* software.
A buggy Tenable update caused a disruption starting December 31st, 2024, taking Nessus vulnerability scanner agents offline worldwide.
The issue affected systems running Nessus Agent versions 10.8.0 and 10.8.1, impacting customers across multiple regions including the Americas, Europe, and Asia.
While the agents went offline, Tenable claims that there was no direct impact to host systems beyond the agent disconnection.
Tenable temporarily disabled all plugin feed updates to prevent further systems from being affected and removed the problematic versions 10.8.0 and 10.8.1 from their download channels. By January 2nd, 2025, Tenable released version 10.8.2 as a fix for the issue. They also developed and provided Windows GPO scripts to help customers with mass remediation efforts and published detailed documentation for recovery procedures.
Customers must take manual action to recover affected systems, either by upgrading to Nessus Agent version 10.8.2 or by downgrading to version 10.7.3. The recovery process requires manual agent upgrades using the 10.8.2 install package, and where agent profiles are used for upgrades or downgrades, a plugin reset is also necessary.
This incident bears similarities to a July 2024 event involving CrowdStrike Falcon, though the Tenable situation had less severe consequences as it did not result in system crashes or broader service disruptions.
By January 3rd, 2025, Tenable announced plans to resume the plugin feed, though with continued restrictions on the affected versions.