Find All Computers That Are Vulnerable to the Internet Explorer XXE Exploit
Until Microsoft fixes the vulnerability with an update, opening a hostile file can lead to data theft via Internet Explorer. The report below provides an overview of all computers on your network that have the Internet Explorer feature installed that are vulnerable to this exploit. You can find more info about this exploit in our IE XXE vulnerability blog post.
Internet Explorer XXE Query
Select Top 1000000 tblAssets.AssetID,
tblAssets.AssetName,
tblAssets.Domain,
tblAssets.Username,
tblAssets.Userdomain,
Case
When tblAssets.AssetID = Feature.AssetID Then 'At Risk'
Else 'Safe'
End As [At Risk/Safe],
Coalesce(tsysOS.Image, tsysAssetTypes.AssetTypeIcon10) As icon,
tblAssets.IPAddress,
tsysIPLocations.IPLocation,
tblAssetCustom.Manufacturer,
tblAssetCustom.Model,
tsysOS.OSname As OS,
tblAssets.SP,
tblAssets.Lastseen,
tblAssets.Lasttried,
Case
When tblAssets.AssetID = Feature.AssetID Then '#ffadad'
Else '#d4f4be'
End As backgroundcolor
From tblAssets
Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
Inner Join tsysAssetTypes On tsysAssetTypes.AssetType = tblAssets.Assettype
Inner Join tsysIPLocations On tsysIPLocations.LocationID =
tblAssets.LocationID
Inner Join tblState On tblState.State = tblAssetCustom.State
Left Join tsysOS On tblAssets.OScode = tsysOS.OScode
Left Join (Select Top 1000000 tblAssets.AssetID
From tblAssets
Inner Join tblFeature On tblAssets.AssetID = tblFeature.AssetId
Inner Join tblFeatureUni On tblFeatureUni.featUniID =
tblFeature.featUniId
Where tblFeatureUni.featureCaption Like '%Internet Explorer%') As Feature
On Feature.AssetID = tblAssets.AssetID
Where tsysOS.OSname Is Not Null And tblState.Statename = 'Active' And
tsysAssetTypes.AssetTypename = 'Windows'
Order By tblAssets.Domain,
tblAssets.AssetName
