Notification

Icon
Error

Internet Explorer Vulnerability

Posted: Thursday, April 18, 2019 1:06:23 PM(UTC)
Esben.D

Esben.D

Member Administration Original PosterPosts: 1,834
0
Like
A new IE vulnerability has been disclosed. Using a XXE attack, users using Internet Explorer that open an MHT file will have local files sent to the attacker's web server. You can find more info about this in our blog post.

The report below provides an overview of all Windows assets in your network and whether they have an Internet Explorer feature installed or not.

If you would like to disable IE on Windows 10 machines, you can do so with this deployment package: https://www.lansweeper.c...Disable-IE11-on-W10.aspx

We've also created a video tutorial to run the report and deploy the package.

Instructions to add this report to Lansweeper can be found here: https://www.lansweeper.c...How-to-run-a-report.aspx
Code:
Select Top 1000000 tblAssets.AssetID,
  tblAssets.AssetName,
  tblAssets.Domain,
  tblAssets.Username,
  tblAssets.Userdomain,
  Case
    When tblAssets.AssetID = Feature.AssetID Then 'At Risk'
    Else 'Safe'
  End As [At Risk/Safe],
  Coalesce(tsysOS.Image, tsysAssetTypes.AssetTypeIcon10) As icon,
  tblAssets.IPAddress,
  tsysIPLocations.IPLocation,
  tblAssetCustom.Manufacturer,
  tblAssetCustom.Model,
  tsysOS.OSname As OS,
  tblAssets.SP,
  tblAssets.Lastseen,
  tblAssets.Lasttried,
  Case
    When tblAssets.AssetID = Feature.AssetID Then '#ffadad'
    Else '#d4f4be'
  End As backgroundcolor
From tblAssets
  Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
  Inner Join tsysAssetTypes On tsysAssetTypes.AssetType = tblAssets.Assettype
  Inner Join tsysIPLocations On tsysIPLocations.LocationID =
    tblAssets.LocationID
  Inner Join tblState On tblState.State = tblAssetCustom.State
  Left Join tsysOS On tblAssets.OScode = tsysOS.OScode
  Left Join (Select Top 1000000 tblAssets.AssetID
      From tblAssets
        Inner Join tblFeature On tblAssets.AssetID = tblFeature.AssetId
        Inner Join tblFeatureUni On tblFeatureUni.featUniID =
          tblFeature.featUniId
      Where tblFeatureUni.featureCaption Like '%Internet Explorer%') As Feature
    On Feature.AssetID = tblAssets.AssetID
Where tsysOS.OSname Is Not Null And tblState.Statename = 'Active' And
  tsysAssetTypes.AssetTypename = 'Windows'
Order By tblAssets.Domain,
  tblAssets.AssetName
AZHockeyNut
#1AZHockeyNut Member Alpha Tester Posts: 234  
posted: 4/18/2019 3:48:17 PM(UTC)
Ordinarily you guys post a link to info about the exploit right? at any rate here is a link in case someone wants more info.

Originally Posted by: Esben.D Go to Quoted Post
A new IE vulnerability has been disclosed. Using a XXE attack, users using Internet Explorer that open an MHT file will have local files sent to the attacker's web server.

The report below provides an overview of all Windows assets in your network and whether they have an Internet Explorer feature installed or not.

If you would like to disable IE on Windows 10 machines, you can do so with this deployment package: https://www.lansweeper.c...Disable-IE11-on-W10.aspx

Instructions to add this report to Lansweeper can be found here: https://www.lansweeper.c...How-to-run-a-report.aspx
Esben.D
#2Esben.D Member Administration Original PosterPosts: 1,834  
posted: 4/18/2019 4:08:50 PM(UTC)
I usually link to our own blog post, which I hadn't done yet since I made the forum post before the blog post ;)

The blog post contains the link to the original source: http://hyp3rlinx.altervi...NTITY-INJECTION-0DAY.txt

Active Discussions

Lansweeper Remove all users from old domain
by  cmuter   Go to last post Go to first unread
Last post: 9/20/2019 8:03:58 PM(UTC)
Lansweeper Static IP Address
by  cycleheat  
Go to last post Go to first unread
Last post: 9/20/2019 4:07:16 PM(UTC)
Lansweeper Bitlocker Encryption Recovery Key no information found
by  Stephane   Go to last post Go to first unread
Last post: 9/20/2019 2:26:19 PM(UTC)
Lansweeper InTune Scanning Issues
by  Esben.D  
Go to last post Go to first unread
Last post: 9/20/2019 12:34:59 PM(UTC)
Lansweeper Office 365 scanning issues
by  Esben.D   Go to last post Go to first unread
Last post: 9/20/2019 12:23:30 PM(UTC)
Lansweeper Hard Drive Tracking - Start to Finish
by  Lone Jedi  
Go to last post Go to first unread
Last post: 9/19/2019 8:11:56 PM(UTC)
Lansweeper Lansweeper Reporting Old Assets as New
by  Jpatterson   Go to last post Go to first unread
Last post: 9/19/2019 12:52:14 PM(UTC)
Lansweeper Cannot edit a ticket anymore
by  Esben.D  
Go to last post Go to first unread
Last post: 9/19/2019 12:32:42 PM(UTC)