Internet Explorer exploit lets hackers steal data even if you never it

Even if you never open Internet Explorer, a newly discovered Windows security flaw found that hackers can use the old web browser to steal your data.
Even if you never open Internet Explorer, a newly discovered Windows security flaw found that hackers can use the old web browser to steal your data.

Image: Alexander Hassenstein/Getty Images

Finally stopped using Internet Explorer? Good! But, now it’s time to completely delete it from your computer, too.

Security researcher John Page has a new that allows hackers to steal Windows users’ data thanks to Internet Explorer. The craziest part: Windows users don’t ever even have to open the now-obsolete web browser for malicious actors to use the exploit. It just needs to exist on their computer.

“Internet Explorer is vulnerable to XML External Entity attack if a user opens a specially crafted .MHT file locally,” Page. “This can allow remote attackers to potentially exfiltrate Local files and conduct remote reconnaissance on locally installed Program version information.”

Basically, what this means is that hackers are taking advantage of a vulnerability using .MHT files, which is the file format used by Internet Explorer for its web archives. Current web browsers do not use the .MHT format, so when a PC user attempts to access this file Windows opens IE by default. 

To initiate the exploit, a user simply needs to open an attachment received by email, messenger, or other file transfer service.

“[For] example, a request for “c:Python27NEWS.txt” can return version information for that program,” Page explains. “Upon opening the malicious ‘.MHT’ file locally it should launch Internet Explorer. Afterwards, user interactions like duplicate tab ‘Ctrl+K’ and other interactions like right click ‘Print Preview’ or ‘Print’ commands on the web-page may also trigger the XXE vulnerability.”

The exploit has been tested using the last version of Internet Explorer, IE 11. It affects Windows 7, Windows 10, and Windows Server 2012 R2 users.

Most worrisome, according to Page, is that Microsoft told him that it would just “consider” a fix in a future update. The security researcher says he contacted Microsoft in March before now going public with the issue.

As points out, while Internet Explorer usage less than 10 percent of the web browser market, it doesn’t particularly matter in this case as the exploit just requires a user to have the browser on their PC.

Earlier in 2019, Microsoft cybersecurity expert Chris Jackson urged anyone still using Internet Explorer to finally . The company officially discontinued its former flagship web browser in 2015.

Uploads%252fvideo uploaders%252fdistribution thumb%252fimage%252f90112%252fc3b3ffde d94e 4e37 8408 80383acfc071.jpg%252foriginal.jpg?signature=mjmuq9hcdloughk99f5wjtdh3p4=&source=https%3a%2f%2fblueprint api production.s3.amazonaws

Source

more recommended stories

  • 'Game of Thrones' season 8 episode 2 recap – Winterfell preps for their biggest battle yet

    Everyone’s preparing for the impending battle.

  • Online project management training that can help boost your career

    Just to let you know, if.

  • Raising Kratos’ Sony documentary gets a trailer: Watch

    Sony Santa Monica’s critically and commercially.

  • World rocked by revelation that Goombas have arms and hands

    Not since Mario’s nipples has the.

  • Teen YouTubers who faked a pregnancy apologize — and offer bad sex ed advice

    Two teenage YouTubers were the subject.

  • Amazon devices, Philips juicers, Microsoft tablets, Kenwood mixers, and more on sale for April 18 in the UK

    The bank holiday weekend is almost.

  • Microsoft refused to sell facial recognition tech to law enforcement

    The potential for abuse of facial.

  • Google Pay can import airline miles, reward points, and more from Gmail now

    KRAKOW, POLAND – 2018/08/27: Fifty and.

  • ‘Game of Thrones’ premiere featured cameos from ‘It’s Always Sunny’ and ‘Silicon Valley’

    Spoiler warning: If you’re not caught.

  • 3 ways to combat climate change according to young activists

    Young people have a lot more.

  • Juul sets up a web portal for narcing on vaping teens

    Don’t be a bad teen.Image: Suzanne.

  • Mike Gravel’s campaign is proof that more politicians need meme tutors

    In the age of surrealist memes.

  • Noah Centineo plays an insufferable jerk in ‘The Perfect Date’: Review

    The following is a spoiler-free review.

  • A guide to roasting Bran Stark in ‘Game of Thrones’ Season 8

    sBran Stark sucks, but you don’t.

  • Instagram cracks down on ‘inappropriate’ content

    Instagram is making changes to its.

  • How did NASA create its own pretty artificial auroras? Rockets, of course.

    These artificial auroras are arguably as.

  • Don’t hold your breath for that 16-inch MacBook Pro

    Apple’s 16-  or 16.5-inch MacBook Pro.

  • K-pop Twitter can’t tell which way BTS’ Jimin is facing in this new video clip

    There’s nothing the internet loves more.

  • Shadows Die Twice’ and difficulty vs. accessibility

    For anyone who’s been paying attention.

  • Watch hilarious ‘Game of Thrones’ sketches from ‘Saturday Night Live’

    Jon Snow may know nothing, but.

  • Best wireless charging mats 2019 (RIP AirPower, we hardly knew you)

    The Choetech wireless charging pad is.

  • Snapchat gets upgrade with gaming platform and new features

    Snapchat is trying to stay alive.

  • Elon Musk is still Tesla CEO — for now

    Tesla CEO Elon Musk had his.

  • Lincoln Aviator SUV returns with 28-speaker sound system

    Disclosure Every product here is independently.

  • ‘Game of Thrones’ star Emilia Clarke describes what it’s like to survive a brain haemorrhage

    Emilia Clarke recently penned an op-ed.

  • The three most popular Netflix shows in the U.S.

    HighSpeedInternet looked at the top shows.

  • Best and worst April Fools jokes from big tech companies in 2019

    Big tech companies continued the tradition.

  • Facebook will give you more info about why certain posts show up in your News Feed

    Facebook is adding a feature to.

  • This massive online course sale is meant to help you live your best life

    Your time is valuable and limited.

  • Tom Hiddleston’s Chinese Centrum ad is a real wild ride

    It was brought to the internet’s.

  • Dad delivers impromptu performance of ‘Ave Maria’ for his daughter at Disney World

    There are some things in life.

  • GoFundMe donates to GoFundMe that’s trolling another GoFundMe

    We forgive you if you’re feeling.