Internet explorer zero day exploit lets hacker steal your private data
As soon as you install windows in your PC and open Internet Explorer for the first and last time to download a different browser IE requests you to try their browser but we already have thousands of reasons not to use Internet Explorer but here’s a new reason.
According to security researcher John Page, Internet Explorer zero-day exploit that allows hackers to steal your personal data files from your pc.
The zero-day exploit is found in Internet Explorer’s use of MHT files when users save any webpages. But the file-stealing vulnerability isn’t necessarily in the saving of webpages in this format; as Page notes, it’s in the opening of MHT files. MHT is the default standard in which internet explorer saves the webpages when a user hits ctrl+s while modern browsers like chrome and firefox use the standard HTML format to save the webpage.
John Page posted about the vulnerability in IE that can expose users data to a hacker if they open MHT files.
“This can allow remote attackers to potentially exfiltrate Local files and conduct remote reconnaissance on locally installed
Program version information,” Page said. “Example, a request for ‘c:\Python27\NEWS.txt’ can return version information for that program.”
active content or security bar warnings.”
John Page also said that he informed Microsoft on the 27th march but Microsoft didn’t make any move to patch this exploit and replied to Page saying “We determined that a fix for this issue will be considered in a future version of this product or service. At this time, we will not be providing ongoing updates of the status of the fix for this issue, and we have closed this case.”
The exploit is present on the following Windows versions: Windows 10, Windows 7, and Windows Server 2012 R2. In order to keep your data away from hackers be cautious to respond to any messages or emails with MHT files