Notification

Icon
Error

Internet Explorer Vulnerability

Posted: Thursday, April 18, 2019 1:06:23 PM(UTC)
Esben.D

Esben.D

Member Administration Original PosterPosts: 1,982
0
Like
A new IE vulnerability has been disclosed. Using a XXE attack, users using Internet Explorer that open an MHT file will have local files sent to the attacker's web server. You can find more info about this in our blog post.

The report below provides an overview of all Windows assets in your network and whether they have an Internet Explorer feature installed or not.

If you would like to disable IE on Windows 10 machines, you can do so with this deployment package: https://www.lansweeper.c...Disable-IE11-on-W10.aspx

We've also created a video tutorial to run the report and deploy the package.

Instructions to add this report to Lansweeper can be found here: https://www.lansweeper.c...How-to-run-a-report.aspx
Code:
Select Top 1000000 tblAssets.AssetID,
  tblAssets.AssetName,
  tblAssets.Domain,
  tblAssets.Username,
  tblAssets.Userdomain,
  Case
    When tblAssets.AssetID = Feature.AssetID Then 'At Risk'
    Else 'Safe'
  End As [At Risk/Safe],
  Coalesce(tsysOS.Image, tsysAssetTypes.AssetTypeIcon10) As icon,
  tblAssets.IPAddress,
  tsysIPLocations.IPLocation,
  tblAssetCustom.Manufacturer,
  tblAssetCustom.Model,
  tsysOS.OSname As OS,
  tblAssets.SP,
  tblAssets.Lastseen,
  tblAssets.Lasttried,
  Case
    When tblAssets.AssetID = Feature.AssetID Then '#ffadad'
    Else '#d4f4be'
  End As backgroundcolor
From tblAssets
  Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
  Inner Join tsysAssetTypes On tsysAssetTypes.AssetType = tblAssets.Assettype
  Inner Join tsysIPLocations On tsysIPLocations.LocationID =
    tblAssets.LocationID
  Inner Join tblState On tblState.State = tblAssetCustom.State
  Left Join tsysOS On tblAssets.OScode = tsysOS.OScode
  Left Join (Select Top 1000000 tblAssets.AssetID
      From tblAssets
        Inner Join tblFeature On tblAssets.AssetID = tblFeature.AssetId
        Inner Join tblFeatureUni On tblFeatureUni.featUniID =
          tblFeature.featUniId
      Where tblFeatureUni.featureCaption Like '%Internet Explorer%') As Feature
    On Feature.AssetID = tblAssets.AssetID
Where tsysOS.OSname Is Not Null And tblState.Statename = 'Active' And
  tsysAssetTypes.AssetTypename = 'Windows'
Order By tblAssets.Domain,
  tblAssets.AssetName
Options
AZHockeyNut
#1AZHockeyNut Member Alpha Tester Posts: 236  
posted: 4/18/2019 3:48:17 PM(UTC)
Ordinarily you guys post a link to info about the exploit right? at any rate here is a link in case someone wants more info.

Originally Posted by: Esben.D Go to Quoted Post
A new IE vulnerability has been disclosed. Using a XXE attack, users using Internet Explorer that open an MHT file will have local files sent to the attacker's web server.

The report below provides an overview of all Windows assets in your network and whether they have an Internet Explorer feature installed or not.

If you would like to disable IE on Windows 10 machines, you can do so with this deployment package: https://www.lansweeper.c...Disable-IE11-on-W10.aspx

Instructions to add this report to Lansweeper can be found here: https://www.lansweeper.c...How-to-run-a-report.aspx
0
Esben.D
#2Esben.D Member Administration Original PosterPosts: 1,982  
posted: 4/18/2019 4:08:50 PM(UTC)
I usually link to our own blog post, which I hadn't done yet since I made the forum post before the blog post ;)

The blog post contains the link to the original source: http://hyp3rlinx.altervi...NTITY-INJECTION-0DAY.txt
1

Active Discussions

Report Center Hardware Inventory
by  Cori   Go to last post Go to first unread
Last post: 4/16/2021 4:05:02 PM(UTC)
Lansweeper Windows Activation
by  Hendrik.VE   Go to last post Go to first unread
Last post: 4/16/2021 4:01:47 PM(UTC)
Lansweeper Report with working time, closed state, ticket type against custom filed
by  Dimitar Staykov IT   Go to last post Go to first unread
Last post: 4/16/2021 2:03:53 PM(UTC)
Lansweeper Microsoft True Up: Licenses combined with AD
by  swaelti   Go to last post Go to first unread
Last post: 4/15/2021 12:25:41 PM(UTC)
Lansweeper Cisco Duo and associated registry keys
by  dhoward   Go to last post Go to first unread
Last post: 4/15/2021 12:30:14 AM(UTC)
Lansweeper Report Request - List assets with old software when newer versions are found
by  Tyler M.   Go to last post Go to first unread
Last post: 4/13/2021 8:34:35 PM(UTC)
Lansweeper Calls closed within SLA
by  TimHolmes1973   Go to last post Go to first unread
Last post: 4/13/2021 5:25:38 PM(UTC)
Lansweeper Report that ties O365 Group Member to Asset?
by  Chrisy Mullins   Go to last post Go to first unread
Last post: 4/13/2021 1:34:26 PM(UTC)