How to find latest IE vulnerability (CVE-2012-4969) with Nexpose

Last updated at Tue, 25 Jul 2017 12:42:38 GMT

As you probably know, Microsoft released advisory 2757760 (Microsoft Security Advisory (2757760): Vulnerability in Internet Explorer Could Allow Remote Code Execution) which describes a Remote Code Execution vulnerability in Internet Explorer 7, 8, and 9. This was assigned to CVE-2012-4969 and Microsoft released a Security Update patch on September 21st, 2012 (Microsoft Security Bulletin MS12-063 - Critical : Cumulative Security Update for Internet Explorer (2744842)) to address this vulnerability.

Check out this blog about the 0-day exploit released by the Metasploit team on September 17th, 2012. As of Nexpose 5.4.5, released on September 22nd, 2012, you can also now find and remediate any assets that are vulnerable. Here's how:

Launch Nexpose and run a credentialed scan of your windows desktop environment. Once the scan completes, click on the "filter" icon in the upper-right hand corner:

Enter a new filter criterion and search for "Vulnerability Title" contains "MS12-063" and click the Search button. You will see a list of assets that are vulnerable to CVE-2012-4969 . You can now create a dynamic asset group to track your remediation efforts:

You can also find assets vulnerable to 0-days by using other asset filter criteria in Nexpose such as "Software Name", "Service Name", and "OS Name" to pinpoint vulnerable software, services, and OS versions. This works even if Nexpose does not have coverage for a given vulnerability. For example, to find assets running IE7 run this filter:

Now that you have an asset group to track assets vulnerable to CVE-2012-4969, you can easily provide your IT team with the necessary tools to remediate this vulnerability in your environment by using Nexpose's "CSV Export" or "Remediation Report" capabilities.All of the above functionality is available in the Community Edition of Nexpose which you can download here:  Vulnerability Scanner - Free Download, Top Product | Rapid7 . Give it a test drive today and go patch those vulnerable systems with Microsoft Security Bulletin MS12-063 - Critical : Cumulative Security Update for Internet Explorer (2744842)!