Notification

Icon
Error

Internet Explorer Vulnerability

Posted: Thursday, April 18, 2019 1:06:23 PM(UTC)
Esben.D

Esben.D

Member Administration Original PosterPosts: 1,738
0
Like
A new IE vulnerability has been disclosed. Using a XXE attack, users using Internet Explorer that open an MHT file will have local files sent to the attacker's web server. You can find more info about this in our blog post.

The report below provides an overview of all Windows assets in your network and whether they have an Internet Explorer feature installed or not.

If you would like to disable IE on Windows 10 machines, you can do so with this deployment package: https://www.lansweeper.c...Disable-IE11-on-W10.aspx

We've also created a video tutorial to run the report and deploy the package.

Instructions to add this report to Lansweeper can be found here: https://www.lansweeper.c...How-to-run-a-report.aspx
Code:
Select Top 1000000 tblAssets.AssetID,
  tblAssets.AssetName,
  tblAssets.Domain,
  tblAssets.Username,
  tblAssets.Userdomain,
  Case
    When tblAssets.AssetID = Feature.AssetID Then 'At Risk'
    Else 'Safe'
  End As [At Risk/Safe],
  Coalesce(tsysOS.Image, tsysAssetTypes.AssetTypeIcon10) As icon,
  tblAssets.IPAddress,
  tsysIPLocations.IPLocation,
  tblAssetCustom.Manufacturer,
  tblAssetCustom.Model,
  tsysOS.OSname As OS,
  tblAssets.SP,
  tblAssets.Lastseen,
  tblAssets.Lasttried,
  Case
    When tblAssets.AssetID = Feature.AssetID Then '#ffadad'
    Else '#d4f4be'
  End As backgroundcolor
From tblAssets
  Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
  Inner Join tsysAssetTypes On tsysAssetTypes.AssetType = tblAssets.Assettype
  Inner Join tsysIPLocations On tsysIPLocations.LocationID =
    tblAssets.LocationID
  Inner Join tblState On tblState.State = tblAssetCustom.State
  Left Join tsysOS On tblAssets.OScode = tsysOS.OScode
  Left Join (Select Top 1000000 tblAssets.AssetID
      From tblAssets
        Inner Join tblFeature On tblAssets.AssetID = tblFeature.AssetId
        Inner Join tblFeatureUni On tblFeatureUni.featUniID =
          tblFeature.featUniId
      Where tblFeatureUni.featureCaption Like '%Internet Explorer%') As Feature
    On Feature.AssetID = tblAssets.AssetID
Where tsysOS.OSname Is Not Null And tblState.Statename = 'Active' And
  tsysAssetTypes.AssetTypename = 'Windows'
Order By tblAssets.Domain,
  tblAssets.AssetName
AZHockeyNut
#1AZHockeyNut Member Alpha Tester Posts: 231  
posted: 4/18/2019 3:48:17 PM(UTC)
Ordinarily you guys post a link to info about the exploit right? at any rate here is a link in case someone wants more info.

Originally Posted by: Esben.D Go to Quoted Post
A new IE vulnerability has been disclosed. Using a XXE attack, users using Internet Explorer that open an MHT file will have local files sent to the attacker's web server.

The report below provides an overview of all Windows assets in your network and whether they have an Internet Explorer feature installed or not.

If you would like to disable IE on Windows 10 machines, you can do so with this deployment package: https://www.lansweeper.c...Disable-IE11-on-W10.aspx

Instructions to add this report to Lansweeper can be found here: https://www.lansweeper.c...How-to-run-a-report.aspx
Esben.D
#2Esben.D Member Administration Original PosterPosts: 1,738  
posted: 4/18/2019 4:08:50 PM(UTC)
I usually link to our own blog post, which I hadn't done yet since I made the forum post before the blog post ;)

The blog post contains the link to the original source: http://hyp3rlinx.altervi...NTITY-INJECTION-0DAY.txt

Active Discussions

Lansweeper Top 10 Ticket Types Year To Date
by  LGuth   Go to last post Go to first unread
Last post: 7/10/2019 8:37:48 PM(UTC)
Lansweeper Fonts
by  Spectrum  
Go to last post Go to first unread
Last post: 6/25/2019 11:24:19 AM(UTC)
Action Powershell script for WOL on VLAN
by  psmail   Go to last post Go to first unread
Last post: 5/30/2019 12:00:43 AM(UTC)
Action Schedule Reboot using AT and psshutdown with time input
by  spatchE  
Go to last post Go to first unread
Last post: 5/21/2019 5:35:46 PM(UTC)
Action Open users local Temp directory
by  studerje   Go to last post Go to first unread
Last post: 5/14/2019 7:24:24 PM(UTC)
Lansweeper CMD- CFI MS Update remover 2
by  Rodney Stowell   Go to last post Go to first unread
Last post: 4/18/2019 6:55:01 PM(UTC)
Action Skype User
by  cctech  
Go to last post Go to first unread
Last post: 4/18/2019 4:14:54 PM(UTC)