This Internet Explorer Bug Will Steal Data From Chrome, Firefox Users; Microsoft’s Reaction will Shock You!
Microsoft’s Internet Explorer has been the butt of jokes for many years now, and this latest development will drag its name further through mud. Another flaw of the age-old browser has been discovered, which allows hackers to steal data from computers.
What is even more atrocious, is that your data can be hacked and stolen even if the browser is not being used!
In short, leaving an Internet Explorer browser unused in your device can open up your device to potential threats from hackers.
Another Flaw in the Internet Explorer
John Page, a security researcher, discovered this flaw of the Internet Explorer and went on to publish the details and proof-of-concept code for the same. Apparently, it will also allow hackers to spy on unsuspecting users from afar.
Internet Explorer, V11, has an XXE (XML eXternal Entity) vulnerability, which means, it has a problem in the way the browser deals with the .MHT files. The other web browsers of today do not use this format, and hence, when users try to access such files, they are opened with the Internet Explorer only.
Page said, “Internet Explorer is vulnerable to XML External Entity attack if a user opens a specially crafted .MHT file locally. This can allow remote attackers to potentially exfiltrate Local files and conduct remote reconnaissance on locally installed Program version information.”
This flaw affects multiple versions of Windows, such as Windows 7, Windows 10 and Windows Server 2012 R2 systems.
Microsoft’s Ignorance To The Issue
John Page made sure to get in touch with Microsoft and let them know about this issue. However, Microsoft sent the security researcher a message, in which the company blatantly turned a blind eye towards the issue and refused to consider the flaw for urgent security fix.
The company said that a fix for this issue will come in the next update of the product or service. They also said, “At this time, we will not be providing ongoing updates of the status of the fix for this issue, and we have closed this case.”
On the lack of a positive response from the company, Page took it upon himself and posted the details of the bug on his site along with a proof-of-code and a YouTube demo video.
Here’s what you can do:
Make sure to scan all the MHT files in your computer, even if it has been used, opened or modified recently, and even if it hasn’t been touched in days.