Internet Explorer exploit lets hackers steal data even if you never it

Even if you never open Internet Explorer, a newly discovered Windows security flaw found that hackers can use the old web browser to steal your data.
Even if you never open Internet Explorer, a newly discovered Windows security flaw found that hackers can use the old web browser to steal your data.

Image: Alexander Hassenstein/Getty Images

Finally stopped using Internet Explorer? Good! But, now it’s time to completely delete it from your computer, too.

Security researcher John Page has a new that allows hackers to steal Windows users’ data thanks to Internet Explorer. The craziest part: Windows users don’t ever even have to open the now-obsolete web browser for malicious actors to use the exploit. It just needs to exist on their computer.

“Internet Explorer is vulnerable to XML External Entity attack if a user opens a specially crafted .MHT file locally,” Page. “This can allow remote attackers to potentially exfiltrate Local files and conduct remote reconnaissance on locally installed Program version information.”

Basically, what this means is that hackers are taking advantage of a vulnerability using .MHT files, which is the file format used by Internet Explorer for its web archives. Current web browsers do not use the .MHT format, so when a PC user attempts to access this file Windows opens IE by default. 

To initiate the exploit, a user simply needs to open an attachment received by email, messenger, or other file transfer service.

“[For] example, a request for “c:Python27NEWS.txt” can return version information for that program,” Page explains. “Upon opening the malicious ‘.MHT’ file locally it should launch Internet Explorer. Afterwards, user interactions like duplicate tab ‘Ctrl+K’ and other interactions like right click ‘Print Preview’ or ‘Print’ commands on the web-page may also trigger the XXE vulnerability.”

The exploit has been tested using the last version of Internet Explorer, IE 11. It affects Windows 7, Windows 10, and Windows Server 2012 R2 users.

Most worrisome, according to Page, is that Microsoft told him that it would just “consider” a fix in a future update. The security researcher says he contacted Microsoft in March before now going public with the issue.

As points out, while Internet Explorer usage less than 10 percent of the web browser market, it doesn’t particularly matter in this case as the exploit just requires a user to have the browser on their PC.

Earlier in 2019, Microsoft cybersecurity expert Chris Jackson urged anyone still using Internet Explorer to finally . The company officially discontinued its former flagship web browser in 2015.

Uploads%252fvideo uploaders%252fdistribution thumb%252fimage%252f90112%252fc3b3ffde d94e 4e37 8408 80383acfc071.jpg%252foriginal.jpg?signature=mjmuq9hcdloughk99f5wjtdh3p4=&source=https%3a%2f%2fblueprint api production.s3.amazonaws

Source

more recommended stories

  • Brazen L.A. hawk refuses to leave the hood of a moving car

    On an otherwise normal, sunny day,.

  • LG gram 17-inch lightweight laptop on sale: Save $200

    Just to let you know, if.

  • Sarah Owusu’s paintings put African and black beauty front and centre

    Artist Sarah Owusu pioneered a new.

  • People are waiting up to 10 hours for new Harry Potter ride at Universal

    If you’ve recently wondered when that.

  • Uber wants to be the ‘Amazon and Google of transportation’

    Uber CEO Dara Khosrowshahi last year.

  • Selena Gomez and Jimmy Fallon feel the burn in a ‘Hot Ones’ crossover episode

    The hit web series Hot Ones.

  • Save £450 on this 12-inch Apple MacBook from Amazon

    Just to let you know, if.

  • Microsoft unveils Xbox game based on ‘The Blair Witch Project’

    ‘The Blair Witch Project’ game, revealed.

  • Keanu Reeves won the Xbox E3 2019 press conference

    Leave it to Keanu Reeves, one.

  • 10% off everything on Lovehoney to celebrate National Sex Day

    Just to let you know, if.

  • Bradley Whitford on being the newest ‘Handmaid’s Tale’ baddie

    Since The Handmaid’s Tale began to.

  • This flying motorcycle takes coolness to new heights

    The Moto Volante flying motorcycle, created.

  • Uber takes to the skies once more with Uber Copter

    Disclosure Every product here is independently.

  • Stephen Colbert pulls apart Trump’s strange interview with Piers Morgan

    Well, after a very, very weird.

  • Samsung launches its Galaxy S10 in Cardinal Red color

    Disclosure Every product here is independently.

  • Amazon Prime members, one-day shipping has arrived

    Disclosure Every product here is independently.

  • Everything Apple revealed at WWDC 2019

    At its annual WWDC developer conference.

  • ‘Ford v. Ferrari’ trailer sees Matt Damon and Christian Bale rev up: Watch

    Matt Damon and Christian Bale have.

  • How doctors really feel about the Apple Watch’s health features

    With mountains of product leaks and.

  • Crisis counselors were on set for ‘When They See Us’ cast and crew

    Kevin Richardson, Antron Mccray, Raymond Santana.

  • What Jake and Logan Paul’s new gossip channel says about the state of YouTube

    Image: Jerritt Clark / getty images.

  • Eight kids just broke the 2019 National Spelling Bee in unprecedented result

    The 2019 National Spelling Bee produced.

  • Apple could save music lovers from the disaster that is iTunes

    Listening to music on macOS might.

  • 13 perfect places to be stoned this summer

    If there’s one reward for making.

  • New ‘order’ sticker spotted in Instagram Stories

    Instagram could be looking to step.

  • Malaysia’s last surviving male Sumatran rhino has died. Here’s why that’s important.

    Vale, Tam.Image: WWF-Malaysia / RAYMOND ALFRED.

  • How to keep your phone safe at the beach this summer

    Let’s be real. You’re going to.

  • Gaming disorder is officially a thing. Here’s what that means.

    Gaming disorder, which basically boils down.

  • Bong Joon-Ho’s ‘Parasite’ wins big at Cannes: What critics are saying

    Okja director Bong Joon-Ho’s Parasite won.

  • Netflix’s ‘The Perfection’ is a controversial nightmare: Review

    The following is a spoiler-free review.

  • ‘Resident Evil 4’ is still a top horror action game

    Resident Evil 4 was re-released on.

  • The Lonely Island’s surprise Netflix drop is hilarious for no reason

    In case anyone was worried that.