A security researcher discovered a new vulnerability in the Internet browser, ” Internet Explorer ” Microsoft ‘s Internet Explorer, allowing hackers to steal data users of Windows.
The worst part of the gap is that it does not require Microsoft Windows users to open the browser, which is no longer significant after the company’s focus on the newer Edge browser, but enough for hackers to have the software on the computer They can exploit the vulnerability.
Beige, also known as hyp3rlinx, wrote in a publication: “Internet Explorer is vulnerable to external XML entity attack.” The opening of a.MHT user is specifically set up within the device. “This could allow remote attackers to retrieve local files and remotely perform locally installed software version information.”
This means that hackers benefit from the vulnerability problem using.MHT files, a format for data that Internet Explorer uses for its web archive. Current web browsers do not apply.MHT format, so if a computer user tries to access this file, Windows opens the browser by default.
It is enough for hackers to start the attack making users open an attachment file delivered by email, messaging software or other file transfer services.
Security researcher Big said he tested the vulnerability using the latest version of Internet Explorer 11. It affects Windows 7, Windows 10, and Windows Server 2012 R2 users.
The most worrying thing, according to Big, is that Microsoft has told him that it would “study” fixing the hole in a future update. The security researcher says he called Microsoft in March before announcing a public breach.
According to the latest figures, Internet Explorer still accounts for about 10% of the web browser market, so it may be straightforward considering that just having a browser on the device is enough to exploit the gap.
Since the introduction of the Edge browser with Windows 10 years ago, Microsoft has been pushing users to abandon Internet Explorer, especially after its development was halted in 2015