Microsoft Internet Explorer has quite a bad reputation when it comes to being a secure web browser. The reason we said this was because the browser has a well-documented history of extensive security flaws and extremely slow speed of patching the problems. In fact, Microsoft has stopped recommending users to use the browser. According to a new report online, a new security flaw has been discovered in the web browser. Taking a look at the details of the flaw, it is a zero-day security bug which means that there is no patch for the problem. In addition to the fact that it is a zero-day security flaw, the report also revealed that it allows hackers to steal files from other systems Also Read - Windows 10 latest update crashes File Explorer, gives users other issuesAlso Read - You can play Xbox xCloud games on your TV soon, thanks to a streaming dongle from Microsoft
According to a report by ZDNet, the problem was discovered by John Page, a security researcher. The researcher has also published the details of the issue along with proof-of-concept online showing how the problem works. Considering that the details are already out, you may think that Microsoft has already fixed the problem but you are wrong to think that. The report noted that Microsoft refused to fix the issue because it did not consider the problem important enough. Also Read - Xbox Series S to get Rs 5,000 discount on Flipkart Big Billion Days sale
Watch: Android Q First Look
As part of the statement sent to the researcher, Microsoft stated, We determined that a fix for this issue will be considered in a future version of this product or service. Taking a look at the flaw, the report explained that the bug lies in the way Internet Explorer processes MHT files . For context, MHT files where the MHTML Web Archive files that the browser used to save web pages. Furthermore, this format is selected by default when a user presses CTRL and S keys together.
Page stated, This can allow remote attackers to potentially exfiltrate Local files and conduct remote reconnaissance on locally installed Program version information. Hackers just need to send an infected malicious MHT file to the user to exploit the flaw. Even though one needs some user interaction to fully exploit the problem but that can be automated . The bug is present on Internet Explorer version 11 in Windows 7, Windows 10, and Windows Server 2012 R2. The report also noted that most modern web browsers don t save files in this format and instead use the standard HTML format. However, most browsers still have the facility to process the MHT files.