OS: Windows Server 2012 R2
It appears to query the registry and use the following:
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Version which returns a value of: 9.11.9600.19377
The Version value is prefixed with a 9 for backwards compatibility, but it does not indicate version 9 of IE.
Another string value is present in the key. svcVersion is 11.0.9600.19377. This should probably be used as the basis for the version detection.
We are using the source edition if that makes any difference.
The VT checks if the registry key “HKLM\Software\Microsoft\Internet Explorer!svcVersion” exists and takes this value. If not present, it takes the “Version” item.
Btw.: the detection is done via VT “Microsoft Internet Explorer Version Detection (Windows)” (OID: 22.214.171.124.4.1.256126.96.36.1990209).
Can you please tell me which version (“Last Modified”) of the VT you are using and if both keys exist in your registry?
Both keys exist in the registry.
I looked at the scan results for 188.8.131.52.4.1.256184.108.40.2060209. The result is very strange. The server in question has multiple IP addresses. The scan results show the correct version from all of the IP addresses except 1 which is reporting the old version.
We run these scans monthly and this has not occurred in the past.
Here is the info for the NVT you listed:
Family: Product detection
Version: $Revision: 11086 $
Sorry, I missed the modified date for the VT. It is: Thu Aug 23 06:43:53 2018.
The most rational explanation for this behavior is that there were some issues (e.g. network connectivity) while gathering the version from
In this case the VT is falling back to gather the version from
HKLM\Software\Microsoft\Internet Explorer!Version instead which holds the backwards compatibility version as you have noticed.
To avoid such situations the following VT:
was updated to try the
svcVersion key once more in such situations. In addition the key where the version was gathered is now included in the detection report as well.
Those changes should arrive in the feed once the above VT has reached the version
2019-07-05T06:51:10+0000 and/or last modification date of
2019-07-05 06:51:10 +0000 (Fri, 05 Jul 2019).
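
The fallback behaviour discussed in this thread, modelled as an added example (it is not the VT's own code and not part of any post): prefer `svcVersion`, retry it on a transient read error, fall back to `Version`, and report which key supplied the value. The names `detect_ie_version`, `read_with_retry` and `flaky_reader` and the reader interface are hypothetical; the sample values are the ones quoted in the thread.

```python
from typing import Callable, Dict, Optional, Tuple

KEY = r"HKLM\Software\Microsoft\Internet Explorer"

# Assumed interface: reader(value_name) returns the string value, None if the
# value does not exist, or raises OSError on a transient read failure.
Reader = Callable[[str], Optional[str]]


def read_with_retry(reader: Reader, name: str, attempts: int) -> Optional[str]:
    """Read a value up to `attempts` times so one failed read is not taken as 'absent'."""
    for _ in range(attempts):
        try:
            return reader(name)
        except OSError:
            continue
    return None


def detect_ie_version(reader: Reader, attempts: int = 2) -> Tuple[Optional[str], Optional[str], bool]:
    """Return (version, source_key, ambiguous)."""
    version = read_with_retry(reader, "svcVersion", attempts)
    if version:
        return version, KEY + "!svcVersion", False
    version = read_with_retry(reader, "Version", attempts)
    if not version:
        return None, None, False
    # Without svcVersion, a 9.x value may be the backwards-compatibility string
    # rather than a real IE 9, so flag it instead of reporting it as certain.
    return version, KEY + "!Version", version.startswith("9.")


def flaky_reader(values: Dict[str, str], fail_first: int) -> Reader:
    """Constructed test reader: the first `fail_first` svcVersion reads raise OSError."""
    remaining = {"svcVersion": fail_first}

    def reader(name: str) -> Optional[str]:
        if remaining.get(name, 0) > 0:
            remaining[name] -= 1
            raise OSError("simulated connectivity problem")
        return values.get(name)

    return reader


# Constructed sample: the two values quoted in the thread.
SAMPLE = {"Version": "9.11.9600.19377", "svcVersion": "11.0.9600.19377"}
```

With `attempts=1` and one failed read, the function returns the `Version` value flagged as ambiguous, which matches the single wrong result reported in the thread; with `attempts=2` the same failure is absorbed and `svcVersion` is reported.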