An application that comes pre-installed on Windows 10 devices is Internet Explorer, a web browser that has been around since 1995.
However, it appears having the programme installed on your computer could allow hackers to steal your data, according to security researcher John Page.
Page recently discussed the vulnerability that stems from how Internet Explorer saves web pages in a .MHT file format.
More contemporary internet clients, such as Google Chrome, do not deal with a .MHT file in the same fashion but still support it.
The fact Internet Explorer harnesses the .MHT format in a more substantial fashion than its more modern rivals means the programme is the default for opening them, as noted by ZDNet.
Page insisted this could allow “remote attackers” to send a malicious .MHT file to the user through email or another form of communication.
If opened, the researcher said this could allow a third-party to gain access to local files and programme information on a device.
Internet Explorer’s support for .MHT files means this method could be used on Windows fans that have never used the browser, but still have it installed.
Page said he was able to successfully recreate the technique on Windows 10, Windows 7 and Windows Server 2012 R2 using the latest version of the web browser, 11.
The researcher declared after discovering the vulnerability he told Microsoft about it.
In a post discussing the issue, Microsoft was quoted as not expressing an eagerness to fix the problem.
Microsoft was claimed to have said: “We determined that a fix for this issue will be considered in a future version of this product or service.
“At this time, we will not be providing ongoing updates of the status of the fix for this issue, and we have closed this case.”
Since then, Page has discussed the vulnerability in depth and has even created a YouTube video that displayed the alleged code needed to take advantage of the flaw.
Microsoft no longer incentivises Windows users to take advantage of Internet Explorer.
In fact, last month the firm iterated fans should not use it as their default client in a blog post.
To combat the vulnerability, it is advised Windows users scan any MHT files for malicious code or even uninstall Internet Explorer altogether until a fix is provided by Microsoft.
Published at Wed, 17 Apr 2019 05:45:00 +0000