much-maligned Internet Explorer web browser has been
discovered to be the cause of a new Windows exploit, which could
let hackers access and obtain operating system user data.
Security researcher John Page discovered the security flaw,
finding that any user with Internet Explorer installed on their
system is vulnerable to the exploit, whether or not they’re
currently using the browser or have even opened it before.
Page reportedly reached out to Microsoft last month, warning
them of the exploit and requesting an urgent security fix, but
ZDnet, the tech giant responded by saying that “a fix
for this issue will be considered in a future version of this
product or service”.
In response, Page made his findings public, including a YouTube
video demonstrating the exploit. (Note: mute the
video unless you want to hear some low bit-rate thrash metal).
The hack relies on Internet Explorer’s ability to save its web
pages in the .MHT file format, something modern browsers don’t
allow, thus making IE the default application to open such
Bad actors can use this shortcoming to send users a malicious
.MHT file via email or other such communication services and, if
opened, an .MHT file containing an exploit could allow hackers to
obtain access to the local files and program information of these
According to Page, The hack has been successfully tested in
Internet Explorer 11 (the latest version) on Windows 7, Windows 10,
and Windows Server 2012 R2 operating systems.
Sounds like it’s a great time to take
Microsoft’s own advice on avoiding Internet Explorer –
and perhaps even go a step further, and delete the browser from
your system altogether.
Source: FS – All Tech News 2
Internet Explorer hack could steal users' data – even if you use Chrome or Firefox