Slashdot Mirror
Internet Explorer Exploit Steals Data From Windows Users-- Even If They Never Use Internet Explorer (mashable.com)
Security researcher John Page has revealed a new zero-day exploit that allows remote attackers to exfiltrate Local files using Internet Explorer. "The craziest part: Windows users don't ever even have to open the now-obsolete web browser for malicious actors to use the exploit," reports Mashable. "It just needs to exist on their computer..."
[H]ackers are taking advantage of a vulnerability using .MHT files, which is the file format used by Internet Explorer for its web archives. Current web browsers do not use the .MHT format, so when a PC user attempts to access this file Windows opens IE by default. To initiate the exploit, a user simply needs to open an attachment received by email, messenger, or other file transfer service...
Most worrisome, according to Page, is that Microsoft told him that it would just "consider" a fix in a future update. The security researcher says he contacted Microsoft in March before now going public with the issue. As ZDNet points out, while Internet Explorer usage makes up less than 10 percent of the web browser market, it doesn't particularly matter in this case as the exploit just requires a user to have the browser on their PC.
Most worrisome, according to Page, is that Microsoft told him that it would just "consider" a fix in a future update. The security researcher says he contacted Microsoft in March before now going public with the issue. As ZDNet points out, while Internet Explorer usage makes up less than 10 percent of the web browser market, it doesn't particularly matter in this case as the exploit just requires a user to have the browser on their PC.
Oh, wait, you mean I have to open a malicious attachment to be exposed to this risk? Your shocking headline had me concerned, for a moment.
Chrome can open MHTML files, Firefox used to (with an add-on) but not anymore, and there are free viewers available. All one has to do is to set the association of .MHT files to another program.
Over 20 years since IE started coming bundled with Windows in a deeply integrated manner. There will be outbreaks of IE malware for years due to the fact so many buisnesnesses only supported IE as their web browser. The same thing will happen with the widespread adoption of chromium instead of developing multiple independant browsers to ensure web diversity. Now Mo$Illa had been bribed to downgrade their browser we are now in the era of adverbrowsers and will contain more ways to attack your browser due to the constant bloat being added to them. Prepare for the Wannacry decade powered by ChromIE.
I think it was supposed to mean that the "h" was lowercase in the featured article but uppercase in the quotation. The corresponding sentence in TFA begins as follows: "Basically, what this means is that hackers are taking advantage of a vulnerability..."
But in this sense, the word was was used in the sense of electronic intruders, not people who enjoy playful cleverness. I personally would have marked the entire first word as rephrased: "[Intruders] are taking advantage of a vulnerability..."
You should get a User Account Control prompt, select yes.
To see what the current association is, enter
and press Enter/Return. It'll likely return
and if you wish to check if IE is the handler for that file type enter
and press Enter. If the result mentions iexplore.exe, that's IE.
Enter the following two lines (pressing Enter after each) to break the association for IE archives (there are two extensions associated):
Close the prompt (type exit and press Enter, or click the "X" close window control).
A somewhat safer way (in terms of other possible exploits, not in mucking up your PC) is to use ftype to list any file types opened by IE ( ftype | find "iexplore" ) and then delete those filetypes ( ftype filetype= ), but if you're not confident with what you're doing, skip that.