Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Internet Explorer Vulnerabilities

by Sharon Everson
May 25, 2017

Internet Explorer Vulnerabilities Dashboard screenshot

Internet Explorer (IE) has had many security vulnerabilities and concerns as the web browser has evolved. Microsoft has continually improved the security with each new IE version; however, each version carries different risks and unique vulnerabilities to be addressed. Analysts can address certain risk by verifying which systems are running a particular version of IE. Vulnerabilities found in IE by Tenable.sc Continuous View (CV) range in severity from low to critical, which can aid organizations in mitigating the most severe vulnerabilities first. Internet Explorer 11 is the most current and only version supported. Microsoft stopped providing security updates or technical support as of January 12, 2016 for all other versions. Organizations should be aware and take action if older versions have not been updated to Microsoft Edge or at least a fully patched IE 11. This dashboard will highlight any IE vulnerabilities present within the network.

 IE provides support for plugins and add-ons to be installed such as Flash, Java, ActiveX and third-party toolbars. Many of these browser plugins add additional security risks with vulnerabilities that require updating and patching as well. Add-ons and plugins are given permissions and control of the functionality of IE. With control of IE functionality, these add-ons may lead to compromise and should be considered a risk. Security updates patch vulnerabilities that may be exploited by malware often take advantage of those IE exploits and help to keep users and their data safer. Applying security updates help protect computers from malicious attacks, so upgrading and staying current is important.

 This dashboard displays vulnerabilities found in Internet Explorer, and assists analysts in determining the level of risk associated with the web browsers' use. As with all browsers, Internet Explorer has become an important tool utilized in many organizations. As web interfaces gain ground with current business software trends, so will the increased need to determine the risk associated with IE and the monitoring of those vulnerabilities. Tenable.sc CV incorporates continuous monitoring that allows analysts to gain insight into systems that are not being patched on a regular basis. Given this information, analysts can develop more effective mitigation plans and reduce risk in the enterprise.

 The Internet Explorer Vulnerabilities dashboard is available in the Tenable.sc Feed, a comprehensive collection of dashboards, reports, assurance report cards and assets. The dashboard can be easily located in the Tenable.sc Feed under the category Discovery & Detection.

The dashboard requirements are:

  • Tenable.sc 5.4.5
  • Nessus 8.6.0
  • LCE 6.0.0
  • NNM 5.9.0
  • This dashboard requires “Full Text Search” to be enabled for each analyzed repository.

Tenable's Tenable.sc CV provides continuous network monitoring, vulnerability identification and security monitoring. Tenable.sc CV is continuously updated with information about advanced threats, zero-day vulnerabilities and new types of regulatory compliance configuration audit files. Tenable constantly analyzes information from our unique sensors, delivering continuous visibility and critical context, and enabling decisive action that transforms a security program from reactive to proactive. Active scanning periodically examines the applications on the systems, the running processes and services, web applications, and configuration settings. Agent scanning enables scanning and detection of vulnerabilities on transient and isolated devices. Passive listening provides real-time discovery of vulnerabilities on operating systems, protocols, network services, wireless devices, web applications and critical infrastructure. With this information, analysts can better analyze risk and create remediation strategies. Tenable enables powerful, yet non-disruptive, continuous monitoring of the organization to ensure vulnerability information is available to analysts.

The components included with this dashboard are:

Internet Explorer Vulnerabilities - Vulnerability Summary: This component summary has a count of each host impacted and searches for vulnerabilities using CPE strings along with Java and Flash plugins. Findings highlight the level and count of vulnerabilities discovered in the matrix. Internet Explorer vulnerabilities range from info to critical.

Internet Explorer Vulnerabilities - Exploitable Vulnerabilities: This table displays an IP address summary with FQDN, if available, of systems with exploitable vulnerabilities in Internet Explorer. Each host is given a score and highlights the medium to critical range of vulnerabilities found.

Internet Explorer Vulnerabilities - IE Version Detection: The IE Version Detection component detects the versions of Internet Explorer present on the network. This component uses the Tenable products Nessus, NNM and LCE. The plugins that detect the version of Internet Explorer use user agent strings or registry values.

Internet Explorer Vulnerabilities - Internet Explorer Could Allow Remote Code Execution:  This component identifies systems that are running Internet Explorer affected by an unspecified use-after-free vulnerability. Each cell highlights and changes color when a system found with an unspecified use-after-free vulnerability related to VML and Flash components.

Internet Explorer Vulnerabilities - Enhanced Mitigation Experience Toolkit (EMET): This component displays host counts of systems running Microsoft's Enhanced Mitigation Experience Toolkit (EMET), a tool for mitigating security vulnerabilities in Windows applications. 

Internet Explorer Vulnerabilities - IE Related Vulnerabilities: The IE Related Vulnerabilities component focuses on vulnerabilities found in IE with add-ons, plugins and toolbars. Each cell reports the number of systems with these IE additions installed and changes color when matches are discovered.

Internet Explorer Vulnerabilities - 90 Day Vulnerability Trending: This component displays a 90-day trend analysis of all Microsoft Internet Explorer medium, high and critical vulnerabilities.

    Tenable Vulnerability Management

    Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

    Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

    Tenable Vulnerability Management

    Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

    100 assets

    Choose Your Subscription Option:

    Buy Now

    Tenable Vulnerability Management

    Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

    Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

    Tenable Vulnerability Management

    Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

    100 assets

    Choose Your Subscription Option:

    Buy Now

    Tenable Vulnerability Management

    Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

    Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

    Tenable Vulnerability Management

    Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

    100 assets

    Choose Your Subscription Option:

    Buy Now

    Try Tenable Web App Scanning

    Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable One Exposure Management platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

    Your Tenable Web App Scanning trial also includes Tenable Vulnerability Management and Tenable Lumin.

    Buy Tenable Web App Scanning

    Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

    5 FQDNs

    $3,578

    Buy Now

    Try Tenable Lumin

    Visualize and explore your exposure management, track risk reduction over time and benchmark against your peers with Tenable Lumin.

    Your Tenable Lumin trial also includes Tenable Vulnerability Management and Tenable Web App Scanning.

    Buy Tenable Lumin

    Contact a Sales Representative to see how Tenable Lumin can help you gain insight across your entire organization and manage cyber risk.

    Try Tenable Nessus Professional Free

    FREE FOR 7 DAYS

    Tenable Nessus is the most comprehensive vulnerability scanner on the market today.

    NEW - Tenable Nessus Expert
    Now Available

    Nessus Expert adds even more features, including external attack surface scanning, and the ability to add domains and scan cloud infrastructure. Click here to Try Nessus Expert.

    Fill out the form below to continue with a Nessus Pro Trial.

    Buy Tenable Nessus Professional

    Tenable Nessus is the most comprehensive vulnerability scanner on the market today. Tenable Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

    Buy a multi-year license and save. Add Advanced Support for access to phone, community and chat support 24 hours a day, 365 days a year.

    Select Your License

    Buy a multi-year license and save.

    Add Support and Training

    Try Tenable Nessus Expert Free

    FREE FOR 7 DAYS

    Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

    Already have Tenable Nessus Professional?
    Upgrade to Nessus Expert free for 7 days.

    Buy Tenable Nessus Expert

    Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

    Select Your License

    Buy a multi-year license and save more.

    Add Support and Training