An endpoint was found to be using an outdated and potentially vulnerable web browser. Insecure browsers may be vulnerable to several types of client-side attacks (e.g. XSS), which can lead to compromise of the user's browser and the entire endpoint through the unauthorized execution of remote code.
The supported browsers, in practice, based on the above guideline (please refer to Scoring Update Release Notes for exact dates related to browser detection):
How is this issue discovered?
User-agent strings are data recorded when you browse to a website from the machine you are using. These user-agent strings are captured from honeypot data and correlated with assets that are present in your digital footprint.
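To check a finding against your own records, the same user-agent parsing can be run over web proxy or server logs. The following is an added example, not the scoring platform's detection code; the combined log format, the `MIN_MAJOR` baseline versions and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed baseline of minimum major versions (constructed for this example);
# substitute the versions your own patch policy requires.
MIN_MAJOR = {"Edge": 120, "Chrome": 120, "Firefox": 121, "Safari": 17}

# Order matters: Edge user agents also carry "Chrome/" and "Safari/" tokens,
# and Chrome user agents carry "Safari/", so the most specific token goes first.
BROWSER_TOKENS = [
    ("Edge", re.compile(r"\bEdg(?:e|A|iOS)?/(\d+)")),
    ("Chrome", re.compile(r"\b(?:Chrome|CriOS)/(\d+)")),
    ("Firefox", re.compile(r"\b(?:Firefox|FxiOS)/(\d+)")),
    ("Safari", re.compile(r"\bVersion/(\d+)[\d.]*\s.*Safari/")),
]
# Combined log format: client address first, user agent as the last quoted field.
LOG_LINE = re.compile(r'^(\S+) .* "([^"]*)"\s*$')

def parse_browser(user_agent):
    """Return (family, major_version), or None for non-browser clients."""
    for family, pattern in BROWSER_TOKENS:
        match = pattern.search(user_agent)
        if match:
            return family, int(match.group(1))
    return None

def outdated_clients(lines, baseline=MIN_MAJOR):
    """Map each client address to the below-baseline browsers it presented."""
    findings = defaultdict(set)
    for line in lines:
        match = LOG_LINE.match(line)
        parsed = parse_browser(match.group(2)) if match else None
        if parsed and parsed[1] < baseline[parsed[0]]:
            findings[match.group(1)].add(parsed)
    return {ip: sorted(seen) for ip, seen in findings.items()}

# Constructed sample log lines (documentation addresses, not real traffic).
_REQ = ' - - [01/Jan/2024:10:00:00 +0000] "GET / HTTP/1.1" 200 512 "-" '
_WK = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) "
SAMPLE_LOG = [
    f'192.0.2.10{_REQ}"{_WK}Chrome/96.0.4664.110 Safari/537.36"',
    f'192.0.2.11{_REQ}"{_WK}Chrome/120.0.0.0 Safari/537.36 Edg/120.0.0.0"',
    f'192.0.2.12{_REQ}"{_WK}Version/15.6 Safari/605.1.15"',
    f'192.0.2.10{_REQ}"Mozilla/5.0 (X11; Linux x86_64; rv:121.0) Gecko/20100101 Firefox/121.0"',
    f'192.0.2.13{_REQ}"curl/8.4.0"',
]
```

Calling `outdated_clients(SAMPLE_LOG)` groups the below-baseline browsers by client address, which is the kind of per-asset evidence a resolution request can reference.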
How can this issue be resolved?
When submitting a Resolution request, please ensure you include supporting evidence where necessary. This will greatly assist us in ensuring your Issue is resolved in a timely manner. Below, please find the potential options when resolving "Outdated Browsers Detected" findings:
- I have fixed this
  - All browsers are updated to the latest released version.
  - All browsers have been patched to the latest released version.
  - All systems have been re-imaged and updated with the latest browsers.
- I have a compensating control
  - We have a third party that auto-patches our browsers to the latest version.
  - The browsers detected originated from a guest Wi-Fi network.
  - Note: Having an employee's personal device connect to a corporate VPN is a significant security risk. Additional insight: How to secure BYOD devices - Connecting to Corporate VPN is a security risk. This is NOT a valid compensating control.
  - Outdated browsers are detected but are located on machines that are in a testing network. These devices still pose a threat to the organization. Unless they are segmented away from the rest of your production infrastructure, this is NOT a valid compensating control.
- This is not my IP or domain
  - The IP does not belong to our company.
  - These browsers are originating from (x).
- I cannot reproduce this issue and I think it’s incorrect
  - All browsers are auto-patched as soon as an update is available; the listed browsers are on the latest version possible.