Internet Explorer zero-day exploit makes files vulnerable to hacks on Windows PCs

Windows 10 Surface Pro 4 stock photo
Mark Von Holden/AP Images for AP Images for Windows/Microsoft Image Gallery

There were already a number of reasons to not use Internet Explorer. But if you needed another one, here it is.

According to ZDNet, a security researcher named John Page has published evidence of an Internet Explorer zero-day exploit that renders Windows PCs vulnerable to having their files stolen by hackers.

The zero-day exploit itself lies within Internet Explorer’s use of MHT files when users save webpages. But the file-stealing vulnerability isn’t necessarily in the saving of webpages in this format; as Page notes, it’s in the opening of MHT files:

“Internet Explorer is vulnerable to XML External Entity attack if a user opens a specially crafted .MHT file locally.This can allow remote attackers to potentially exfiltrate Local files and conduct remote reconnaissance on locally installed Program version information. Example, a request for “c:\Python27\NEWS.txt” can return version information for that program.”

And as, ZDNet notes, even if you don’t use Internet Explorer as your main browser, your PC could still be vulnerable to this specific zero-day attack if you still have Internet Explorer installed and you open an MHT file. This is because MHT files are still opened by Internet Explorer by default on Windows PCs.

Page published the evidence (including a YouTube video and proof-of-concept code) online on April 12 and has claimed that not only did Microsoft know about the vulnerability, but that the technology company opted to not patch it when he notified them about it on March 27.

According to Page’s post, Microsoft replied to his message on April 10 with the following response:

“We determined that a fix for this issue will be considered in a future version of this product or service. At this time, we will not be providing ongoing updates of the status of the fix for this issue, and we have closed this case.”

While there isn’t a patch for this zero-day exploit, it’s still worth mentioning that Page was able to confirm that the exploit works on Internet Explorer 11 on the following Windows systems: Windows 10, Windows 7, and Windows Server 2012 R2.

In general, though, as you would with files from unknown senders, you should exercise caution when opening MHT files regardless of your operating systems, since, as ZDNet notes, MHT files have a history of being used to transmit malware.

Computing

Mueller report releases on CD, forces Congress to find PCs with disc drives

The Mueller report was released this week to Congress via CDs and congressional members had to find PCs with working disc drives to access the 400-page document. The redacted report was also released to the public on a website.
Movies & TV

The best shows on Netflix right now (April 2019)

Looking for a new show to binge? Lucky for you, we've curated a list of the best shows on Netflix, whether you're a fan of outlandish anime, dramatic period pieces, or shows that leave you questioning what lies beyond.
Gaming

Transform into the ultimate leader with our tips and tricks for Civilization 6

Civilization VI offers both series veterans and total newcomers a lot to chew on from the get-go. Here are some essential starting tips to help you master the game's many intricacies.
Gaming

Play The Sims 4 the way it was meant to be played using a keyboard and mouse

The Sims 4 recently added keyboard and mouse support on Xbox One and PS4, giving players the chance to experience the game as it was designed. Here is how to use keyboard and mouse in The Sims 4.
Computing

Former student uses USB Killer device to fry $58,000 worth of college’s PCs

A former student used a USB Killer device to short circuit more than $58,000 of computers at a private New York college earlier this year. The student pled guilty to the charges and sentencing is scheduled to begin in August.
Computing

AMD Ryzen CPU prices get slashed ahead of Ryzen 3000 release

AMD's Ryzen CPUs have had their prices slashed as we edge towards the release of their third generation. Whether you're a gamer or someone who needs multi-threaded performance, there's a deal for everyone with some heavy discounts to take…
Computing

The number pad on HP’s Chromebook 15 makes spreadsheet work a breeze

HP's Chromebook 15 comes with a 15.6-inch display, a metal keyboard deck with full-size keys, and a dedicated number pad, making it the second Chromebook model, following Acer's Chromebook 715, to be suited for spreadsheet work.
Computing

Worried about your online privacy? We tested the best VPN services

Browsing the web can be less secure than most users would hope. If that concerns you, a virtual private network — aka a VPN — is a decent solution. Check out a few of the best VPN services on the market.
Computing

Gaming on a laptop has never been better. These are your best options

Gaming desktops are powerful, but they tie you down to your desk. For those of us who prefer a more mobile experience, here are the best gaming laptops on the market, ranging from budget machines to maxed-out, wallet-emptying PCs.
Computing

Here's how you can download the best free music players for your Mac

Tired of your Mac's default music player? Take a look at our picks for the best free music players available for your Apple rig. Whether you're a casual listener or an audiophile, you're sure to find something that fits your needs here.
Computing

Want to make calls across the internet for less? Try these great VOIP services

Voice over IP services are getting more and more popular, but there are still a few that stand above the pack. In this guide, we'll give you a few options for the best VOIP services for home and business users.
Computing

AMD’s 2020 Ryzen CPUs could have a big boost in power efficiency

The sequel to AMD's Zen 2-based Ryzen 3000 CPUs is slated for a 2020 release and when it arrives, could leverage the new Zen 3 architecture to deliver impressive gains to performance and power efficiency.
Computing

The iPhone’s Screen Time and Siri Shortcuts could land on Macs this year

For its desktop computers, it appears that Apple may continue to draw from the iPhone for inspiration. iOS 12 features, like Screen Time and Siri Shortcuts, are believed to be making their way to MacOS this year at WWDC in June.
Computing

Dell slashes prices of XPS 13 and Alienware 17 laptops in latest promo

Dell's latest promotion will score you big savings on the XPS 13 or the Alienware 17. The stylish XPS 13's discount is for $430, and only the rose gold model is on sale, while gamers who choose the Alienware 17 will save $860.