Internet Explorer Bug Threatens Windows Users.

Almost four years after its younger sibling, Microsoft Edge, was born, security researchers keep finding troublesome security bugs in Internet Explorer.

The most recent bug found is a proof of concept published by John Page (aka hyp3rlinx), a security researcher. The flaw takes advantage of a weakness in the way the browser deals with MHTML (MHT) files. These are Internet Explorers default web page archiving format.

If Windows 7, Windows 10 or Windows Server 2012 R2 runs into one of these files, it will open by default with Internet Explorer, which means that an attacker would only have to convince the user to open the file. Succeeding in that would allow remote attackers to pull local files from your machine and conduct remote reconnaissance.

So, what if you use Google Chrome or have moved on to Edge? Unfortunately, this is still a problem because most Windows computers come with Internet Explorer when you buy them. With Windows 10, Internet Explorer will still need to undergo a small setup process on the first startup. This may draw some attention to attacks that exploit this bug.

One thing you can do to avoid the exploit is to not enable Internet Explorer. If you can, go ahead and uninstall it through the Control Panel. When John Page (aka hyp3rlinx) reported the bug to Microsoft, Microsoft replied with this:


“We determined that a fix for this issue will be considered in a future version of this product or service. At this time, we will not be providing ongoing updates of the status of the fix for this issue, and we have closed this case.”

Reading this as dismissive, John Page published his proof of concept and video demonstrating that his exploit works as claimed. Some have started to call it a “zero-day vulnerability” because it is a known bug with no patch, while a zero-day attack is an attack targeting a previously unknown bug.

Microsoft will undoubtedly patch the vulnerability in the future, hopefully sooner than later.

Share This Article

Strong Password, IT Tech, why a strong password, how to make a strong password, IT, Strong Password, password, cyber security, making a strong password

The Importance of a Strong Password and What Makes One

Your password is your key to the world of online security. The stronger your password is, the safer you are. But what makes a strong password? How do you create one? And why should you care? You’ll find answers to all these questions in this article! Why Does Your Password Matter? The security of your

Read More »
IT Consulting, IT management, managed IT, IT partner, how does IT consulting work, IT consulting services

How Do IT Consulting Services Work, and Why Do You Need It?

When you hear the term “IT consultant,” it’s easy to assume that it refers to someone who helps people set up their new iPhones. But in the business world, “IT consultant” is a much more complex and important role. An IT consultant may be hired by companies of all sizes to help them achieve their

Read More »
E-Waste, e-waste recycling, computer recycling, electronic waste recycling, electronic waste, how to properly recycle your electronics electronic recycling

The Importance of E-Waste Recycling

E-Waste is Becoming A Major Problem The world is becoming increasingly dependent on electronics. We use our phones and computers more than ever to communicate, shop, and entertain ourselves. But with this increased reliance comes an increased waste stream. Environmental activists have been sounding the alarm about the amount of e-waste being produced in recent

Read More »