An open Internet Explorer security flaw gives hackers the ability to access users’ files, after a security researcher reveals the exploit…
Internet Explorer doesn’t have a good reputation for strong security. And, it’s made worse by the latest issue discovered. In fact, it’s now possible for bad actors to gain access to PCs simply by having the Microsoft browser installed.
Internet Explorer Security Flaw Lets Hackers Steal Users’ Files
Security researcher John Page reveals an unpatched exploit through its MHT file support. This serves as IE’s web archive format and makes it possible to spy on or steal Windows users’ local data.
Making it worse is the fact Windows opens MHT files with IE by default. Which means the browser doesn’t even have to be running. Users need only to open a chat or email attachment.
The vulnerability impacts three different platforms: Windows 7, Windows 10, and Windows Server 2012 R2.
Exacerbating the problem is Microsoft’s reported response. After learning of the exploit, the company refused to push out a security patch. Instead, the software giant said it would “consider” a fix inside a future release.
Page explains the risk: “This can allow remote attackers to potentially exfiltrate Local files and conduct remote reconnaissance on locally installed Program version information.”
Although a patch is ostensibly on its way, it nevertheless leaves millions of users vulnerable. The best precautions are to turn off Internet Explorer or use another application to open MHT files.