Internet Explorer Bug Threatens Windows Users.

Almost four years after its younger sibling, Microsoft Edge, was born, security researchers keep finding troublesome security bugs in Internet Explorer.

The most recent bug found is a proof of concept published by John Page (aka hyp3rlinx), a security researcher. The flaw takes advantage of a weakness in the way the browser deals with MHTML (MHT) files. These are Internet Explorers default web page archiving format.

If Windows 7, Windows 10 or Windows Server 2012 R2 runs into one of these files, it will open by default with Internet Explorer, which means that an attacker would only have to convince the user to open the file. Succeeding in that would allow remote attackers to pull local files from your machine and conduct remote reconnaissance.

So, what if you use Google Chrome or have moved on to Edge? Unfortunately, this is still a problem because most Windows computers come with Internet Explorer when you buy them. With Windows 10, Internet Explorer will still need to undergo a small setup process on the first startup. This may draw some attention to attacks that exploit this bug.

One thing you can do to avoid the exploit is to not enable Internet Explorer. If you can, go ahead and uninstall it through the Control Panel. When John Page (aka hyp3rlinx) reported the bug to Microsoft, Microsoft replied with this:

 

“We determined that a fix for this issue will be considered in a future version of this product or service. At this time, we will not be providing ongoing updates of the status of the fix for this issue, and we have closed this case.”

Reading this as dismissive, John Page published his proof of concept and video demonstrating that his exploit works as claimed. Some have started to call it a “zero-day vulnerability” because it is a known bug with no patch, while a zero-day attack is an attack targeting a previously unknown bug.

Microsoft will undoubtedly patch the vulnerability in the future, hopefully sooner than later.

Share This Article

Share on facebook
Share on twitter
Share on linkedin
small business tech, small business technology, how to use technology to improve customer service, how to use technology to improve my business, how to use technology to keep my business secure

How to Use Technology to Improve Customer Service and Stay Secure

Do you ever feel like a lack of technology is holding your business back? It’s hard to grow when you don’t have the technology to compete with other companies in your industry. Small business tech can help you improve your customer service and accomplish your goals for growth. What is customer service, and how can

Read More »
OneDrive, OneDrive Integration, OneDrive integration in Windows 11 Pro, Windows 11 Pro, Windows 11 Pro OneDrive Integration

What You Should Know About OneDrive Integration in Windows 11 Pro

In case you’re not quite sure, OneDrive is Microsoft’s cloud server-based file hosting and backup service for customers of the company’s numerous software and hardware products. Naturally enough, it comes as an option for Windows 11 Pro users as well. When it comes to OneDrive, the application and its services have both their ups and

Read More »
windows 11, windows 10, operating system, OS, Windows OS

Windows 11 vs. Windows 10: Should You Upgrade?

Windows 10 was a big step up from Windows 8, and many people wonder if they should upgrade to Windows 11. Windows 11 vs. Windows 10: Should You Upgrade? Microsoft has not released any information about the new operating system yet, but we can make some guesses based on what we know about Windows 10.

Read More »