Network-assessment

This is no less than a shocker…Hackers can now use Internet Explorer to steal your data, that too even if you never use it.

A security researcher has detected a zero-day vulnerability in Internet Explorer which would allow hackers to steal data. Security researcher John Page has published details and proof-of-concept code for the zero-day which could allow hackers to steal files from Windows systems. The most startling thing is that malicious actors can use the zero-day exploit even without users opening the web browser. Internet Explorer just needs to exist on a computer for hackers to exploit the vulnerability to steal data.

John Page writes, “Internet Explorer is vulnerable to XML External Entity attack if a user opens a specially crafted .MHT file locally. This can allow remote attackers to potentially exfiltrate Local files and conduct remote reconnaissance on locally installed Program version information.”

The researcher mentions, as an example, how a request for “c:\Python27\NEWS.txt” can return version information for that program.

He adds, “Upon opening the malicious “.MHT” file locally it should launch Internet Explorer. Afterwards, user interactions like duplicate tab “Ctrl+K” and other interactions like right click “Print Preview” or “Print” commands on the web-page may also trigger the XXE vulnerability. However, a simple call to the window.print() Javascript function should do the trick without requiring any user interaction with the webpage.”

Thus, malicious actors would be exploiting the zero-day vulnerability using .MHT files, the file format used by Internet Explorer for its web archives. The other web browsers that we use today do not use the .MHT format. Hence, when there is an attempt to access this file, Windows opens IE by default. A user simply needs to open an attachment that he gets via email, messenger or any other file transfer service for this exploit to be initiated.

John Page mentions that he has successfully tested the exploit in the latest Internet Explorer Browser v11 with latest security patches on Windows 7, Windows10 and Server 2012 R2.

When John Page informed Microsoft of the exploit, the response that he got was that it would be fixed in a future update. John Page has published the response from Microsoft, which says, “We determined that a fix for this issue will be considered in a future version of this product or service. At this time, we will not be providing ongoing updates of the status of the fix for this issue, and we have closed this case.”

A ZDNet report, which details the issue and its consequences, infers, “This vulnerability should not be taken lightly, despite Microsoft’s response. Cybercrime groups have exploited MHT files for spear-phishing and malware distribution in previous years, and MHT files have been a popular way to package and deliver exploits to users’ computers…Because they can store malicious code, all MHT files should always be scanned before opening, regardless of if the file was recently received, or it’s been standing there on your PC for months.”

Related Resources:

Here’s How To Keep Your Routers Protected From Hackers
Hackers Launch New Attacks Using Old Adobe Vulnerability
Hackers Now Use Their Own Admin Tools Against Company Networks

Post a comment