Slashdot Mirror


Internet Explorer Exploit Steals Data From Windows Users -- Even If They Never Use Internet Explorer (mashable.com)

Security researcher John Page has revealed a new zero-day exploit that allows remote attackers to exfiltrate local files using Internet Explorer. "The craziest part: Windows users don't ever even have to open the now-obsolete web browser for malicious actors to use the exploit," reports Mashable. "It just needs to exist on their computer..." [H]ackers are taking advantage of a vulnerability using .MHT files, which is the file format used by Internet Explorer for its web archives. Current web browsers do not use the .MHT format, so when a PC user attempts to access this file Windows opens IE by default. To initiate the exploit, a user simply needs to open an attachment received by email, messenger, or other file transfer service...

Most worrisome, according to Page, is that Microsoft told him that it would just "consider" a fix in a future update. The security researcher says he contacted Microsoft in March before now going public with the issue. As ZDNet points out, while Internet Explorer usage makes up less than 10 percent of the web browser market, it doesn't particularly matter in this case as the exploit just requires a user to have the browser on their PC.

1 of 80 comments

  1. To Disable The Association in Windows... by Keramos · · Score: 5, Informative
    Find Command Prompt in whatever start menu you have (it's probably under Accessories), and right-click on it, then select Run as administrator.
    You should get a User Account Control prompt, select yes.
    To see what the current association is, enter

    assoc .mht

    and press Enter/Return. It'll likely return

    .mht=mhtmlfile

    and if you wish to check if IE is the handler for that file type enter

    ftype mhtmlfile

    and press Enter. If the result mentions iexplore.exe, that's IE.
    Enter the following two lines (pressing Enter after each) to break the association for IE archives (there are two extensions associated):

    assoc .mht=

    assoc .mhtml=

    Close the prompt (type exit and press Enter, or click the "X" close window control).
    A somewhat safer way (in terms of other possible exploits, not in mucking up your PC) is to use ftype to list any file types opened by IE ( ftype | find "iexplore" ) and then delete those filetypes ( ftype filetype= ), but if you're not confident with what you're doing, skip that.
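
A read-only check to run before and after the steps in the comment above, as an added example that is not part of the original comment or article: it reports whether .mht and .mhtml still resolve to iexplore.exe, and also reads the per-user UserChoice default, which takes precedence over the machine-wide association that assoc edits. The function names are hypothetical, and it assumes any ProgId found under UserChoice is registered machine-wide so that ftype lists it.

```powershell
# Added example: audit only, changes nothing. assoc and ftype are cmd.exe
# built-ins, so they are invoked through "cmd /c".

function Get-CmdTable([string]$Builtin) {
    # Parse the "name=value" lines printed by assoc/ftype into a lookup table.
    $table = @{}
    foreach ($line in (cmd /c $Builtin 2>$null)) {
        if ($line -match '^([^=]+)=(.*)$') { $table[$Matches[1]] = $Matches[2] }
    }
    return $table
}

function Get-MhtHandlerReport {
    param([string[]]$Extension = @('.mht', '.mhtml'))

    $assoc = Get-CmdTable 'assoc'   # extension -> file type
    $ftype = Get-CmdTable 'ftype'   # file type -> open command

    foreach ($ext in $Extension) {
        $machineType = $assoc[$ext]

        # Per-user default chosen through the "Open with" / Default apps UI.
        $ucKey = "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$ext\UserChoice"
        $userType = (Get-ItemProperty -Path $ucKey -Name ProgId -ErrorAction SilentlyContinue).ProgId

        # Open commands for whichever file types are set (assumption: both
        # kinds of ProgId appear in the ftype listing).
        $commands = @($machineType, $userType) | Where-Object { $_ } | ForEach-Object { $ftype[$_] }

        [pscustomobject]@{
            Extension   = $ext
            MachineType = $machineType
            UserChoice  = $userType
            OpensInIE   = [bool]($commands -match 'iexplore\.exe')
        }
    }
}

function Get-IEFileType {
    # Equivalent of: ftype | find "iexplore"
    (Get-CmdTable 'ftype').GetEnumerator() |
        Where-Object { $_.Value -match 'iexplore\.exe' } |
        Select-Object @{ n = 'FileType'; e = { $_.Key } }, @{ n = 'Command'; e = { $_.Value } }
}

Get-MhtHandlerReport | Format-Table -AutoSize
Get-IEFileType | Format-Table -AutoSize
```

If OpensInIE is still True for an extension after `assoc .mht=` and `assoc .mhtml=`, the UserChoice column shows whether a per-user default is what keeps the extension pointed at IE.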