San Francisco: Microsoft’s Internet Explorer (IE) that has dealt with a reputation for poor security for years, now makes PCs vulnerable even if it is just installed in them, a security researcher has found. According to researcher John Page, an unpatched exploit in the web browser’s handling of MHT files (IE’s web archive format), hackers can use to both spies on Windows users and steal their local data.
“As Windows opens MHT files using IE by default, you don’t even have to run the browser for this to be a problem — all you have to do is open an attachment sent through chat or email.
“This wouldn’t be an issue if it weren’t for the disclosure of the flaw. Page posted details of the exploit after Microsoft reportedly declined to roll out an urgent security fix, Engadget reported on Sunday. The vulnerability affects Microsoft Windows 7, Windows 10 and Windows Server 2012 R2.
“Microsoft said a fix would be ‘considered’ in a future release. While that does suggest a patch is on the way, it leaves millions of users potentially vulnerable unless they either turn off Internet Explorer or point to another app that can open MHT files,” the report added.
The news came at a time when Microsoft, coming to terms with the Outlook.com data breach case, reached out to some users, informing them of the hack which exposed data sent over emails to hackers who kept accessing their accounts between January 1 to March 28.
In an email, Microsoft claimed that apart from the content of the emails including attachments, the hackers could have possibly viewed account email addresses, folder names and subject lines of the emails sent and received.
The case came to notice when the software giant discovered that the credentials of a support agent were compromised for its webmail service which led to unauthorised access into some accounts.
With Microsoft dragging its heels over the issue, there’s very little that users can do to protect themselves against the vulnerability. The reason behind this is the fact that Microsoft has already announced the end of support for Internet Explorer 10 in 2020 and has revealed that Internet Explorer 11 will be the last update to the browser — after which the browser will most likely be discontinued altogether.
As such, the best which users can do now is move on from this ageing web-browser to more modern and secure platforms that have been built keeping in mind modern day security threats and loopholes. And for those who don’t use the browser, but have kept it installed anyway, its time they uninstall the Internet Explorer from their PCs for good as this appears to be the only sure shot way of making sure your sensitive local data remains safe.