Factor: Endpoint security
Why this matters
At least one endpoint was found to be using an outdated and potentially vulnerable web browser. Insecure browsers may be vulnerable to several types of client-side attacks, such as cross-site scripting (XSS), which can lead to compromise of the user's browser and entire endpoint through the unauthorized execution of remote code.
We consider a browser out of date if it has not been updated to the latest version and that version has been available for 90 to 120 days.
How we discovered it
We capture user agent strings from commercially available advertising technology data and correlate them with IP addresses in the Digital Footprints.
To identify outdated browser versions, we rely on the user agent string, which is data the client web browser sends with its requests. It carries details about the operating system, web browser type, and web browser version number.
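To check your own egress traffic the same way before it shows up as a finding, the following added example (not SecurityScorecard code) parses user agent strings from proxy log lines and flags browsers that lag an aged baseline. The log format, the baseline versions and dates, and the use of the 90-day lower bound are assumptions made for illustration.

```python
import re
from datetime import date

# Constructed baseline (sample values, not real release data): latest major, release date.
BASELINE = {
    "Chrome": (120, date(2024, 1, 10)),
    "Firefox": (121, date(2024, 1, 5)),
    "Edge": (120, date(2024, 3, 20)),
}
GRACE_DAYS = 90  # assumption: lower bound of the 90-to-120-day window stated above

# Order matters: Edge user agents also contain "Chrome/", so test the Edge token first.
TOKENS = [
    ("Edge", re.compile(r"\bEdg/(\d+)")),
    ("Firefox", re.compile(r"\bFirefox/(\d+)")),
    ("Chrome", re.compile(r"\bChrome/(\d+)")),
]

def parse_browser(ua):
    """Return (browser, major_version), or None if the UA is not a known browser."""
    for name, rx in TOKENS:
        m = rx.search(ua)
        if m:
            return name, int(m.group(1))
    return None

def find_outdated(log_lines, today):
    """Return (client_ip, browser, major) for browsers behind an aged baseline."""
    findings = []
    for line in log_lines:
        ip, _, ua = line.partition("\t")
        parsed = parse_browser(ua)
        if parsed is None:
            continue  # scripts, libraries, malformed UAs: not browser findings
        name, major = parsed
        latest, released = BASELINE[name]
        # Behind the latest major AND the latest has been out past the grace period.
        if major < latest and (today - released).days >= GRACE_DAYS:
            findings.append((ip, name, major))
    return findings

# Constructed sample: "client_ip<TAB>user_agent", as an egress proxy might log it.
SAMPLE_LOG = [
    "10.0.0.5\tMozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36",
    "10.0.0.6\tMozilla/5.0 (X11; Linux x86_64; rv:121.0) Gecko/20100101 Firefox/121.0",
    "10.0.0.7\tMozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36 Edg/118.0.0.0",
    "10.0.0.8\tcurl/8.4.0",
]

if __name__ == "__main__":
    print(find_outdated(SAMPLE_LOG, date(2024, 5, 1)))
```

The Edge client in the sample is behind its baseline but is not flagged on 2024-05-01 because the newer version has been out for less than the grace period; it becomes a finding once that window passes.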
How you can remediate it
Review the findings that appear on the details page for the issue type. Use this information to investigate and address each discovered instance of the issue.
Note: The Evidence column shows the browser’s country location and visited URL, if that information is available. We will also show the client IP if the proxy server’s X-FORWARDED-FOR headers are enabled. This information is only visible to SecurityScorecard administrators for the organization that owns the Scorecard.
Take the following actions to remediate this issue.
Keep browsers and related settings up to date
View current browser versions, according to Wikipedia:
See Scoring Update Release Notes for exact dates related to browser detection.
Separate your outbound NAT
Any number of outdated browser findings may be related to guest devices on your wireless network. To have these removed from your Scorecard issues, deploy a separate guest NAT IP address.
How you can resolve it in SecurityScorecard
When submitting a Resolution request, ensure you include supporting evidence where necessary. This will greatly assist us in ensuring your issue is resolved in a timely manner. See the following options for resolving Outdated Browsers Detected findings:
I have fixed this
- All browsers are updated to the latest released version.
- All browsers have been patched to the latest released version.
- All systems have been re-imaged and updated with the latest browsers.
I have a compensating control
- We have a third party that auto-patches our browsers to the latest version.
- The browsers detected originated from a guest wireless network.
Note: The following practices are not compensating controls: 1) Having employees' personal devices connect to a corporate virtual private network (VPN), which is a significant security risk. Learn How to secure BYOD devices. 2) Using outdated browsers in a testing network, unless they are segmented away from the rest of your production infrastructure.
This is not my IP or domain
- The IP does not belong to our company.
- These browsers originate from a different organization.
I cannot reproduce this issue, and I think it is incorrect
- All browsers are auto-patched as soon as updates are available. The listed browsers are on the latest version possible.