Internet Explorer exploit is trouble even if you never use the browser

Finally stopped using Internet Explorer? Good! But, now it’s time to completely delete it from your computer, too.

Security researcher John Page has discovered a new security flaw that allows hackers to steal Windows users’ data thanks to Internet Explorer. The craziest part: Windows users don’t ever even have to open the now-obsolete web browser for malicious actors to use the exploit. It just needs to exist on their computer.

“Internet Explorer is vulnerable to XML External Entity attack if a user opens a specially crafted .MHT file locally,” writes Page. “This can allow remote attackers to potentially exfiltrate Local files and conduct remote reconnaissance on locally installed Program version information.”

Basically, what this means is that hackers are taking advantage of a vulnerability using .MHT files, which is the file format used by Internet Explorer for its web archives. Current web browsers do not use the .MHT format, so when a PC user attempts to access this file Windows opens IE by default.

To initiate the exploit, a user simply needs to open an attachment received by email, messenger, or other file transfer service.

Source: Internet Explorer exploit is trouble even if you never use the browser