Internet Explorer was already useless for most of us, but now it is dangerous to have the obsolete browser on your computer. A security researcher, John Page, found a new security flaw in Internet Explorer that allows hackers to steal data.
Here’s the craziest part: This flaw affects your Windows PC even if you never open the browser. So just by existing on your PC, IE allows malicious actors to steal Windows users’ data.
The vulnerability lies in how the web browser handles the .MHT files (IE’s file format for web archives). Web browsers today don’t use the .MHT format, so whenever a user attempts to access such files on a Windows PC, the system opens IE by default.
In short, you don’t even have to open IE for this exploit to work— just opening an attachment sent through chat or email will do the job.
Page tested the exploit using the last version of Internet Explorer, which is, IE 11; this vulnerability affects Windows 7, Windows 10 and Windows Server 2012 R2 systems.
But the most concerning part related to this flaw is Microsoft’s response. Apparently, the software giant told Page that it would just “consider” rolling out a fix for the flaw in a future update. He contacted Microsoft in March before going public with the issue.
Even though Internet Explorer makes for less than 10% of the entire browser market, the fact that this exploit just requires the victim to have IE on their PC makes it worrisome.