Objective:
According to Microsoft announcement: Support for older versions of Internet Explorer ended on January 12th, 2016, you should verify you Windows systems to the latest Microsoft Support Lifecycle statements.
Solutions
With Nessus you can use plugin 72367 to determine which version of Internet Explorer is installed.
If you don’t use Nessus you can query the following registry key:
HKLM\SOFTWARE\Microsoft\Internet Explorer\svcVersion
If the svcVersion key does not exists (versions of Internet Explorer 9 and below) check the version key.
Windows commandline:
C:\>reg query "HKLM\Software\Microsoft\Internet Explorer" /v svcVersion
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer
svcVersion REG_SZ 11.63.10586.0 |
Powershell:
(Get-ItemProperty "HKLM:\Software\Microsoft\Internet Explorer").svcVersion 11.0.9600.18163 |
Many internet sources note that querying the registry to determine IE version leads to false positives. As an alternative we can do a file version check on iexplore.exe
Powershell:
((get-item "C:\Program Files\Internet Explorer\iexplore.exe").versioninfo).Fileversion 11.00.10586.0 (th2_release.151029-1700) |
Sample Nessus Auditfile check registry key
<check_type: "Windows" version:"2"> <group_policy: "MS Windows Server"> ## Windows Server 2012 <if> <condition type: "AND"> <custom_item> type : REGISTRY_SETTING description: "W2K1200001:Windows Server 2012 is installed:W2K12" info : "This check determines if Windows Server 2012 is installed." value_type : POLICY_TEXT reg_key : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion" reg_item : "ProductName" value_data : "^[a-zA-Z0-9\(\)\s]*2012[a-zA-Z0-9\-\(\)\s]*$" check_type : CHECK_REGEX </custom_item> <custom_item> type : REGISTRY_SETTING description: "W2K1200002:Windows Server 2012 is installed:W2K12" info : "This check determines the version of Windows Server" value_type : POLICY_TEXT reg_key : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion" reg_item : "CurrentVersion" value_data : "6.2" check_type : CHECK_REGEX </custom_item> </condition> <then> <custom_item> type: REGISTRY_SETTING description: "Running supported version of Internet Explorer" reg_key: "HKLM\SOFTWARE\Microsoft\Internet Explorer" value_type: POLICY_TEXT reg_item: "svcVersion" value_data: "^10.*" check_type : CHECK_REGEX </custom_item> </then> </if> </group_policy> </check_type> |
Sample Nessus Auditfile check fileversion
<check_type: "Windows" version:"2"> <group_policy: "MS Windows Server"> <if> <condition type: "AND"> <custom_item> type : REGISTRY_SETTING description: "W2K1200001:Windows Server 2012 is installed:W2K12" info : "This check determines if Windows Server 2012 is installed." value_type : POLICY_TEXT reg_key : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion" reg_item : "ProductName" value_data : "^[a-zA-Z0-9\(\)\s]*2012[a-zA-Z0-9\-\(\)\s]*$" check_type : CHECK_REGEX </custom_item> <custom_item> type : REGISTRY_SETTING description: "W2K1200002:Windows Server 2012 is installed:W2K12" info : "This check determines the version of Windows Server" value_type : POLICY_TEXT reg_key : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion" reg_item : "CurrentVersion" value_data : "6.2" check_type : CHECK_REGEX </custom_item> </condition> <then> <custom_item> type: FILE_VERSION description: "Filever C:\Program Files\Internet Explorer\iexplore.exe" value_type: POLICY_FILE_VERSION value_data: "10.0.0.0" file: "C:\Program Files\Internet Explorer\iexplore.exe" check_type: CHECK_GREATER_THAN_OR_EQUAL </custom_item> </then> </if> </group_policy> </check_type> |