Security researcher John Page published proof-of-concept code detailing how the flaw could be carried out.
Security researcher John Page discovered the security flaw, finding that any user with Internet Explorer installed on their system is vulnerable to the exploit, whether or not they're now using the browser or have even opened it before. MHT file using the malicious XML markup tags, no such warnings are shown.
This means that while only a fraction of users are still on Internet Explorer, the threat is actually much larger, given the way the security flaw operates.
If you are concerned about this, you should change the default association of MHT files to something other than Internet Explorer.
Microsoft's Internet Explorer (IE) browser, which has dealt with a reputation for poor security for years thanks in no small part to its obsolete nature, now makes PCs vulnerable even if it is just installed in them, a security researcher claims.
Putin Expresses Sympathy to Macron, French People Over Notre Dame Fire
Gallet said two-thirds of Notre Dame's roofing "has been ravaged ". "What we believe to be indestructible can also be touched". The Pinault family, which controls French luxury conglomerate Kering, pledged an additional €100 million ($113 million).
Xbox One S All-Digital Edition Officially Revealed; It'll Cost $249.99
For now, we'll just have to wait and see how well consumers can adapt to digital-only games and movies, if they're willing at all. While the Xbox One S All-Digital Edition is slated for a May 7, 2019 release, we've already received a glimpse under the hood.
At least 28 killed in Madeira tourist bus accident - mayor
The accident happened at 6:30 p.m. local time on Wednesday on a road in Caniço on the eastern part of the island. At least fourteen ambulances were said to be at the scene, next to Quinta Splendida Wellness & Botanical Garden.
Page tested the exploit using the last version of Internet Explorer, which is, IE 11; this vulnerability affects Windows 7, Windows 10 and Windows Server 2012 R2 systems. Afterwards, even if the commands such as "Ctrl+K" for tab duplication, "Print Preview", or "Print" are used on the webpage, it may trigger the XXE vulnerability.
Page claims to have reached out to Microsoft in March, but the company reportedly responded simply by saying that "a fix for this issue will be considered in a future version of this product or service". As long as the browser is there on your computer, hackers can get to you.
Microsoft didn't say how many users have been affected by the vulnerability, known as CVE-2018-865.
'An attacker who successfully exploited the vulnerability could gain the same user rights as the current user, ' Microsoft added.
Finally stopped using Internet Explorer? Be that as it may, it's clear that this isn't a vulnerability that should be taken lightly.