Internet Explorer causes new exploit - Whether you use it or not

Doris Richards
April 18, 2019

A security researcher has discovered a vulnerability in Microsoft's Internet Explorer that could allow hackers to steal user data even if the user does not use the browser. Security researcher John Page explained that the browser is vulnerable to an XML External Entity (XXE) attack if a user opens a malicious file.

While Internet Explorer now accounts for less than 10 percent of the web browser market, the exploit only requires a Windows user to have the browser on their computer. According to Page, the flaw lets hackers extract local files and gather information about locally installed program versions.

The researcher successfully tested the exploits in the latest Internet Explorer browser with security patches applied, on Windows 7, Windows 10, and Windows Server 2012 R2 systems.

This means that while only a fraction of users are still on Internet Explorer, the threat is actually much larger, given the way the security flaw operates.

For example, when a user saves a webpage, either manually or by pressing Ctrl and the "S" key, it is saved in .MHT format. Other web browsers today do not use this format, so when users try to open such files, they are opened with Internet Explorer only.

"Upon opening the malicious '.MHT' file locally it should launch Internet Explorer."

'Afterwards, user interactions like duplicate tab "Ctrl+K" and other interactions like right click "Print Preview" or "Print" commands on the web-page may also trigger the XXE vulnerability,' Page continued.

Additionally, the exploit works around Internet Explorer's typical security alert system.

The researcher had reached out to Microsoft about the exploit, but says that the software company had declined to consider the issue an urgent security fix.

Earlier in 2019, Microsoft cybersecurity expert Chris Jackson urged anyone still using Internet Explorer to finally give it up. As long as the browser is on your computer, hackers can get to you. In its message, Microsoft said that this issue will be considered in the next update of the product, but that the company cannot provide an update on this now and that the case is closed.

Microsoft's Internet Explorer (IE) was revolutionary when it made its debut in 1995.

'The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.'

MHT files have already been used by cybercriminals for spreading malware and spear-phishing, as these files are a common way to deliver exploits to users' systems. Be that as it may, it's clear that this isn't a vulnerability that should be taken lightly.
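Because .MHT files are MIME containers whose parts can be base64 or quoted-printable encoded, a defender screening saved or e-mailed .MHT files has to decode each part before looking for XML external entity declarations. The following is an added example, not code from the researcher or from Microsoft; the function name `scan_mht`, the detection pattern and the placeholder hosts are assumptions made for illustration.

```python
import base64
import email
import re
from email import policy

# Heuristic (an assumption, not taken from the article): an XXE payload needs an
# <!ENTITY ...> declaration that points at an external resource via SYSTEM or
# PUBLIC. A normal HTML <!DOCTYPE ... PUBLIC ...> line is deliberately not flagged.
EXTERNAL_ENTITY = re.compile(rb"<!ENTITY\b[^>]*?\b(?:SYSTEM|PUBLIC)\s*[\"']", re.I)


def scan_mht(raw: bytes) -> list[tuple[str, str]]:
    """Return (Content-Location, matched declaration) for each suspicious part."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        # decode=True undoes base64 / quoted-printable, which a plain text
        # search of the .mht file would not see through.
        body = part.get_payload(decode=True) or b""
        location = str(part.get("Content-Location", "(no Content-Location)"))
        for match in EXTERNAL_ENTITY.finditer(body):
            hits.append((location, match.group(0).decode("latin-1")))
    return hits


# Constructed sample: one ordinary HTML part and one base64-encoded XML part
# whose entity declaration references a placeholder host.
_XML = (b'<?xml version="1.0"?><!DOCTYPE r [<!ENTITY % x SYSTEM '
        b'"http://placeholder.invalid/x.dtd">]><r/>')
SAMPLE_MHT = (
    b"Subject: constructed sample\r\nMIME-Version: 1.0\r\n"
    b'Content-Type: multipart/related; boundary="b1"\r\n\r\n'
    b"--b1\r\nContent-Type: text/html\r\n"
    b"Content-Location: http://placeholder.invalid/page.html\r\n\r\n"
    b'<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN"><html></html>\r\n'
    b"--b1\r\nContent-Type: text/xml\r\nContent-Transfer-Encoding: base64\r\n"
    b"Content-Location: http://placeholder.invalid/data.xml\r\n\r\n"
    + base64.b64encode(_XML) + b"\r\n--b1--\r\n"
)

if __name__ == "__main__":
    for location, declaration in scan_mht(SAMPLE_MHT):
        print(f"external entity in part {location}: {declaration}")
```

A hit is a reason to quarantine the file and inspect it, not proof of malice; legitimate XML can also declare external entities.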
