The vulnerability was found residing among the MHT files process of IE. For context, MHT is short of MHTML Web Archive, and is the default method in which all IE browsers save web pages. This method of saving web pages is ancient by today’s modern browser standard and is not used anymore, albeit still carrying support for the process. The security researcher further explains that the vulnerability enables hackers to “potentially exfiltrate local files and conduct remote reconnaissance on locally installed Program version information”. What is even more concerning how trivial the IE exploit is; MHT files automatically open up on IE by default. Once opened, the exploit need not be human enabled, and instead can be automated. The researcher had reached out to Microsoft about the exploit, but says that the software company had declined to consider the issue an urgent security fix. Be that as it may, it’s clear that this isn’t a vulnerability that should be taken lightly. Unsurprisingly, this isn’t the first time that a zero day exploit was discovered lying dormant within the web browser. Back in 2014, Microsoft issued a security warning for the browser, saying that hackers could hijack vulnerable systems through it. (Source: ZDNet)
