Follow Us:
Monday, May 23, 2022

Internet Explorer flaw can let hackers steal user files from Windows PC

A security researcher has revealed a flaw in Microsoft's Internet Explorer than leaves Windows users open to security threats leading to the theft of user files from PC.

By: Tech Desk | New Delhi |
Updated: April 16, 2019 4:33:15 pm
internet explorer, ie, windows, microsoft, internet explorer vulnerability, internet explorer hack user file, microsoft internet explorer security threat, security threat windows, internet explorer security threat Security researcher John Page has revealed an unpatched exploit in the web browser’s handling of MHT files.

A fresh revelation has highlighted a vulnerability that can affect users of Windows 7, Windows 10 and Windows Server 2012 R2 via the Internet Explorer. This comes after Microsoft admitted a hacker had access to Outlook accounts of some users for three months.

A security researcher John Page has published details about how hackers can use the Internet Explorer to steal files from Windows systems, ZDNet reported first. The vulnerability resides in the way web browser handles MHT files (Internet Explorer’s default web archive format). While almost all the modern browsers don’t save web pages in MHT format and use the standard HTML file format, Internet Explorer saves a web page in MHT format.

On his website, John Page published details about XXE (XML external entity) vulnerability in Internet Explorer that hackers can exploit when a user opens an MHT file. “This can allow remote attackers to potentially exfiltrate Local files and conduct remote reconnaissance on locally installed Program version information,” Page stated.

All MHT files are automatically set to open by default in Internet Explorer on Windows. So as soon as users opens a file they received via email or any other medium, it leaves them vulnerable to threats. Even if Internet Explorer is not set as the default web browser, it will pop up to open the MHT file.

Best of Express Premium

Horoscope Today, May 24, 2022: Cancer, Leo, Libra and other signs — check...Premium
UPSC CSE Key – May 23, 2022: What you need to read todayPremium
Opinion: Can India turn Quad into an instrument to realise its significan...Premium
Presidential polls: For Congress, a prelude to battles aheadPremium

Page elaborates that the actual vulnerable code relies on how the web browser deals with ctrl+K (duplicate tab), ‘Print Preview’, and ‘Print’ commands. He explains how easy it is for hackers to steal user files and how they can disable Internet Explorer’s security alert system. Page said that he tested the exploit in the latest Internet Explorer browser v11 with all the recent security patches on the aforementioned windows operating systems.

Also read | Microsoft informs hackers had accessed some Outlook account emails for months

Page said that he posted the details of the exploit after Microsoft repeatedly declined to roll out an urgent security fix. Instead, they said that a fix would be ‘considered’ in a future release. It will leave those users open to threat unless they either turn-off Internet Explorer or install another app that can open MHT files.

For all the latest Technology News, download Indian Express App.

  • Newsguard
  • The Indian Express website has been rated GREEN for its credibility and trustworthiness by Newsguard, a global service that rates news sources for their journalistic standards.
  • Newsguard