Notification

Icon
Error

Internet Explorer Vulnerability

Posted: Thursday, April 18, 2019 1:06:23 PM(UTC)
Esben.D

Esben.D

Member Administration Original PosterPosts: 1,956
0
Like
A new IE vulnerability has been disclosed. Using a XXE attack, users using Internet Explorer that open an MHT file will have local files sent to the attacker's web server. You can find more info about this in our blog post.

The report below provides an overview of all Windows assets in your network and whether they have an Internet Explorer feature installed or not.

If you would like to disable IE on Windows 10 machines, you can do so with this deployment package: https://www.lansweeper.c...isable-IE11-on-W10.aspx

We've also created a video tutorial to run the report and deploy the package.

Instructions to add this report to Lansweeper can be found here: https://www.lansweeper.c...ow-to-run-a-report.aspx
Code:
Select Top 1000000 tblAssets.AssetID,
  tblAssets.AssetName,
  tblAssets.Domain,
  tblAssets.Username,
  tblAssets.Userdomain,
  Case
    When tblAssets.AssetID = Feature.AssetID Then 'At Risk'
    Else 'Safe'
  End As [At Risk/Safe],
  Coalesce(tsysOS.Image, tsysAssetTypes.AssetTypeIcon10) As icon,
  tblAssets.IPAddress,
  tsysIPLocations.IPLocation,
  tblAssetCustom.Manufacturer,
  tblAssetCustom.Model,
  tsysOS.OSname As OS,
  tblAssets.SP,
  tblAssets.Lastseen,
  tblAssets.Lasttried,
  Case
    When tblAssets.AssetID = Feature.AssetID Then '#ffadad'
    Else '#d4f4be'
  End As backgroundcolor
From tblAssets
  Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
  Inner Join tsysAssetTypes On tsysAssetTypes.AssetType = tblAssets.Assettype
  Inner Join tsysIPLocations On tsysIPLocations.LocationID =
    tblAssets.LocationID
  Inner Join tblState On tblState.State = tblAssetCustom.State
  Left Join tsysOS On tblAssets.OScode = tsysOS.OScode
  Left Join (Select Top 1000000 tblAssets.AssetID
      From tblAssets
        Inner Join tblFeature On tblAssets.AssetID = tblFeature.AssetId
        Inner Join tblFeatureUni On tblFeatureUni.featUniID =
          tblFeature.featUniId
      Where tblFeatureUni.featureCaption Like '%Internet Explorer%') As Feature
    On Feature.AssetID = tblAssets.AssetID
Where tsysOS.OSname Is Not Null And tblState.Statename = 'Active' And
  tsysAssetTypes.AssetTypename = 'Windows'
Order By tblAssets.Domain,
  tblAssets.AssetName
AZHockeyNut
#1AZHockeyNut Member Alpha Tester Posts: 235  
posted: 4/18/2019 3:48:17 PM(UTC)
Ordinarily you guys post a link to info about the exploit right? at any rate here is a link in case someone wants more info.

Originally Posted by: Esben.D Go to Quoted Post
A new IE vulnerability has been disclosed. Using a XXE attack, users using Internet Explorer that open an MHT file will have local files sent to the attacker's web server.

The report below provides an overview of all Windows assets in your network and whether they have an Internet Explorer feature installed or not.

If you would like to disable IE on Windows 10 machines, you can do so with this deployment package: https://www.lansweeper.c...isable-IE11-on-W10.aspx

Instructions to add this report to Lansweeper can be found here: https://www.lansweeper.c...How-to-run-a-report.aspx
Esben.D
#2Esben.D Member Administration Original PosterPosts: 1,956  
posted: 4/18/2019 4:08:50 PM(UTC)
I usually link to our own blog post, which I hadn't done yet since I made the forum post before the blog post ;)

The blog post contains the link to the original source: http://hyp3rlinx.altervi...NTITY-INJECTION-0DAY.txt

Active Discussions

Lansweeper HP Warranty scan - broken for some products
by  M Redfern   Go to last post Go to first unread
Last post: Today at 12:30:44 PM(UTC)
Lansweeper Worked time
by  Imrane DESSAI  
Go to last post Go to first unread
Last post: Today at 7:14:40 AM(UTC)
Lansweeper Adding Owner/User information to Assets:All column report
by  ssmarr5   Go to last post Go to first unread
Last post: Today at 12:15:01 AM(UTC)
Lansweeper Send users email about low disk space
by  DontByteMe  
Go to last post Go to first unread
Last post: Yesterday at 10:02:43 PM(UTC)
Lansweeper Can reports be directed to a file server
by  RKCar   Go to last post Go to first unread
Last post: Yesterday at 9:40:18 PM(UTC)
Lansweeper Monitor Model- Generic PnP Monitor
by  Roger D.  
Go to last post Go to first unread
Last post: Yesterday at 7:22:01 PM(UTC)
Lansweeper Are Deleted Dashboard Tabs Retrievable?
by  Rob-CD   Go to last post Go to first unread
Last post: Yesterday at 4:04:45 PM(UTC)
Lansweeper Assets Not Seen in 90 Days not Automatically becoming Inactive
by  Rob-CD  
Go to last post Go to first unread
Last post: Yesterday at 4:00:00 PM(UTC)