Internet Explorer zero-day exploit makes files vulnerable to hacks on Windows PCs

Windows 10 Surface Pro 4 stock photo
Mark Von Holden/AP Images for AP Images for Windows/Microsoft Image Gallery

There were already a number of reasons to not use Internet Explorer. But if you needed another one, here it is.

According to ZDNet, a security researcher named John Page has published evidence of an Internet Explorer zero-day exploit that renders Windows PCs vulnerable to having their files stolen by hackers.

The zero-day exploit itself lies within Internet Explorer’s use of MHT files when users save webpages. But the file-stealing vulnerability isn’t necessarily in the saving of webpages in this format; as Page notes, it’s in the opening of MHT files:

“Internet Explorer is vulnerable to XML External Entity attack if a user opens a specially crafted .MHT file locally.This can allow remote attackers to potentially exfiltrate Local files and conduct remote reconnaissance on locally installed Program version information. Example, a request for “c:\Python27\NEWS.txt” can return version information for that program.”

And as, ZDNet notes, even if you don’t use Internet Explorer as your main browser, your PC could still be vulnerable to this specific zero-day attack if you still have Internet Explorer installed and you open an MHT file. This is because MHT files are still opened by Internet Explorer by default on Windows PCs.

Page published the evidence (including a YouTube video and proof-of-concept code) online on April 12 and has claimed that not only did Microsoft know about the vulnerability, but that the technology company opted to not patch it when he notified them about it on March 27.

According to Page’s post, Microsoft replied to his message on April 10 with the following response:

“We determined that a fix for this issue will be considered in a future version of this product or service. At this time, we will not be providing ongoing updates of the status of the fix for this issue, and we have closed this case.”

While there isn’t a patch for this zero-day exploit, it’s still worth mentioning that Page was able to confirm that the exploit works on Internet Explorer 11 on the following Windows systems: Windows 10, Windows 7, and Windows Server 2012 R2.

In general, though, as you would with files from unknown senders, you should exercise caution when opening MHT files regardless of your operating systems, since, as ZDNet notes, MHT files have a history of being used to transmit malware.

Computing

Microsoft says hackers were able to view Outlook.com emails

Microsoft's Outlook.com email platform saw a massive breach that caused confidential data to be accessed by hackers for months. It now appears the problem might have been much worse than initially thought, and worse than Microsoft admitted.
Gaming

Play The Sims 4 the way it was meant to be played using a keyboard and mouse

The Sims 4 recently added keyboard and mouse support on Xbox One and PS4, giving players the chance to experience the game as it was designed. Here is how to use keyboard and mouse in The Sims 4.
Gaming

This list of PlayStation 4 exclusives puts its competitors to shame

The PlayStation 4's game library and incredible selection of exclusive games could make anyone with an Xbox One or Nintendo Switch think twice. Here's our list of the latest and greatest PS4 exclusives.
Movies & TV

The best shows on Netflix right now (April 2019)

Looking for a new show to binge? Lucky for you, we've curated a list of the best shows on Netflix, whether you're a fan of outlandish anime, dramatic period pieces, or shows that leave you questioning what lies beyond.
Gaming

Among hundreds of choices, these are the 25 best SNES games of all time

The Super Nintendo Entertainment System just might be the greatest game console ever made, but which are the best titles for the system? Here are our picks for the best SNES games.
Deals

The Dell G5587 gaming laptop is on sale for one of the lowest prices we’ve seen

Even diehard desktop PC gamers have to admit that gaming laptops have come a long way in recent years, and the beefy Dell G5587 – now on sale from Walmart for $300 off – is a solid sub-$1,000 machine for work and play.
Computing

HP’s new Zbook, EliteBook 800 workstations go 4K with 8th-gen Intel CPUs

HP's new line of workstation laptops includes some seriously durable EliteBook and ZBook designs, with options for high-end, eighth-generation Intel CPUs, 2TB of storage, and discrete AMD Radeon graphics chips.
Computing

Light up your external GPU with Razer’s new Core X Chroma enclosure

The Razer Core X Chroma external graphics card enclosure is big enough for three-slot graphics cards, with enough space for a 700w PSU and it brings back the RGB lighting of the Core V2 — all for the same price as its predecessor.
Computing

Microsoft accelerates carbon reduction plans in new sustainability push

Microsoft wants to accelerate its sustainability goal of becoming a zero-carbon company. To reach those goals, Microsoft is doubling its self-imposed carbon tax to incentivize business divisions in making sustainable choices.
Computing

MacOS update may include external display support for iPads

Apple's upcoming MacOS is rumored to include a new native external display support feature. Code-named "Sidecar" the new feature is expected to allow MacOS computers to send app windows to external displays like iPads.
Deals

Apple’s MacBook laptop is on sale for just $800 for a limited time

If you have your heart set on a MacOS-powered laptop, B&H has a sale on Apple's MacBook that takes the price down to $800. Only select models are on sale right now, but you can score up to a $600 savings if you act quickly.
Computing

AMD could offer ray tracing with next-gen Navi graphics cards

Navi is the next-generation graphics card line from AMD and it's coming in just a couple of months time. When it does arrive, one of its major features may be ray tracing, which has to date been an Nvidia-exclusive feature.
Product Review

You won't buy Microsoft's Surface Hub 2S, but it could still change your life

The Microsoft Surface Hub 2S wants to change the way you collaborate at work. That’s a lofty goal most devices fail to achieve, but the unique Hub 2S could be an exception. And trust us – you’re going to want it.
Features

Exclusive: The Surface Hub 2S will revolutionize work. Here’s how it was made

Exclusive interviews with the designers, futurists, and visionaries behind the Surface Hub 2 paint a dramatic picture of how Microsoft thinks collaboration will change your office.