Microsoft's much-maligned Internet Explorer web browser has been discovered to be the cause of a new Windows exploit, which could let hackers access and obtain operating system user data.
Security researcher John Page discovered the security flaw, finding that any user with Internet Explorer installed on their system is vulnerable to the exploit, whether or not they're currently using the browser or have even opened it before.
Page reportedly reached out to Microsoft last month, warning them of the exploit and requesting an urgent security fix, but according to ZDnet (opens in new tab), the tech giant responded by saying that “a fix for this issue will be considered in a future version of this product or service”.
In response, Page made his findings public, including a YouTube video demonstrating the exploit. (Note: mute the video unless you want to hear some low bit-rate thrash metal).
The hack relies on Internet Explorer's ability to save its web pages in the .MHT file format, something modern browsers don't allow, thus making IE the default application to open such files.
Bad actors can use this shortcoming to send users a malicious .MHT file via email or other such communication services and, if opened, an .MHT file containing an exploit could allow hackers to obtain access to the local files and program information of these users.
According to Page, The hack has been successfully tested in Internet Explorer 11 (the latest version) on Windows 7, Windows 10, and Windows Server 2012 R2 operating systems.
Sounds like it's a great time to take Microsoft's own advice on avoiding Internet Explorer – and perhaps even go a step further, and delete the browser from your system altogether.
[via ZDnet (opens in new tab)]