Internet Explorer is not exactly the most popular search engine, and this new security incident definitively won’t help. According to cyber forensics course specialists from the International Institute of Cyber Security (IICS), new zero-day vulnerability has been discovered in this search engine that makes Windows OS computers vulnerable to file theft attacks.
According to the reports, the vulnerability is
found in the use of Internet Explorer MHT files when a user saves a webpage.
The vulnerability is in the opening of MHT files. “Internet Explorer is
vulnerable to an XML External Entity attack if a user opens a specially
designed MHT file. This drawback would allow an attacker to extract local files
and perform a remote reconnaissance of the Program version installed on the
compromised machine. For example, sending a c:Python27NEWS.txt request might
return the version information of that program
as a response”.
According to the cyber forensics course experts,
a computer is still vulnerable to this attack even if it does not use Internet
Explorer as its default browser, it is only required that this program is
installed on the computer and that the user opens a MHT file, because the Windows
system uses Internet Explorer to open the MHT files by default.
Researchers in charge of discovering this
vulnerability published their findings, including a proof of concept of
exploitation, in recent days, and say that Microsoft is aware of this security
problem. In this regard, Microsoft stated: “A correction for this
vulnerability could be launched in the future; at the moment no updates will be
developed for this incident. The case is closed”, concluded the company.
Although the company has decided not to correct
this zero day vulnerability for the moment, it is necessary to emphasize that
the exploit published by the investigators has proved to be functional in
Internet Explorer 11 in Windows 10 and 7 systems, mention the cyber forensics
course specialists.
