A security researcher has found another defenselessness in Internet Explorer that could conceivably empower hackers to steal your data.
John Page (otherwise known as hyp3rlinx), has uncovered a new security flaw in V11 of Internet Explorer that conceivably enables assailants to get to your PC's local files and spy on you remotely.
The most troubling part of this disclosure is that you don't have to run the browser so as to open your PC to this flaw. Essentially opening the wrong connection or message could be enough.
The issue originates from the manner in which Internet Explorer processes certain files as John Page explains:
"Internet Explorer is vulnerable to XML External Entity attack if a user opens a specially crafted .MHT file locally."
MHT (aka as MHTML Web Archive) files open in Internet Explorer by standard, so essentially opening such an attachment from an email is sufficient to begin the procedure regardless of whether IE isn't your default browser.
As indicated by the first report, Microsoft was advised of the defenselessness on 27 March, yet has declined to discharge an urgent fix for the problem stating:
"We determined that a fix for this issue will be considered in a future version of this product or service. At this time, we will not be providing ongoing updates of the status of the fix for this issue, and we have closed this case."
Meanwhile, conceivably a huge number of clients are left powerless against the adventure. In spite of the fact that information demonstrates an unfaltering decline in Internet Explorer use, all Windows users are still vulnerable if the browser is installed on their machine.
If you don't want to wait and rely on Microsoft to roll out a fix, then you can always uninstall Internet Explorer yourself just to be safe.