Just days ago, it emerged that a zero-day vulnerability that could affect devices running Windows 7, Windows 10 and Windows Server 2012 (R2) could be used to exfiltrate data from affected machines.
According to the report, the flaw was discovered by security researcher John Page, better known by his online alias hyp3rlinx. The attack — dubbed an “XML External Entity attack” or “XXE vulnerability” — could allow the extraction of potentially-sensitive data from an affected machine.
In the report, Page details the steps required to successfully exploit Internet Explorer in a process that requires the unwitting victim to manually open a specially-crafted malicious ‘.MHT’ file, which could then call to a particular Javascript function to extract private information and (possibly) files from an affected device.
As it stands, Internet Explorer is the only major browser that still supports Java. Moreover, since almost every Windows device released since 2009 ships with Internet Explorer installed, the potential for damage is high.
As of yet, Microsoft has not released a fix for the flaw, but a response dated April 10, 2019, suggested that it may be fixed in a future version of Windows.
Be Your Own Cryptocurrency Bank
With that said, there is a surprisingly large number of cryptocurrency owners that use old computer hardware for cold storage. Should this wallet be connected to the internet on a device with Internet Explorer as the default browser, then this wallet could potentially be extracted by an attacker under the right conditions. As of yet, crypto-friendly alternative browser Brave has not yet taken this opportunity to muscle in on Microsoft’s already diminishing territory. That said, we imagine it won’t be long until competitors kick up a fuss about the exploit.Uninstall Internet Explorer, Edge Users Beware
Since the news broke, Mitja Kolsek from the 0patch team found that the exploit could be further refined. This modified attack could also target Microsoft’s Edge browser while being harder to prevent and potentially much more damaging — with the potential to “extract many local files using a single MHT file.” For now, it is recommended that users either disable Internet Explorer or completely uninstall the program until a patch is released. If you absolutely must use Internet Explorer, we recommend being extremely wary of MHTML (MHT) files, as opening one of these is a requirement for the attack. Which browser do you think is the most secure, and why? Let us know your thoughts in the comments below!Disclaimer
In adherence to the Trust Project guidelines, BeInCrypto is committed to unbiased, transparent reporting. This news article aims to provide accurate, timely information. However, readers are advised to verify facts independently and consult with a professional before making any decisions based on this content. Please note that our Terms and Conditions, Privacy Policy, and Disclaimers have been updated.
Daniel Phillips
After obtaining a Masters degree in Regenerative Medicine, Daniel pivoted to the frontier field of blockchain technology, where he began to absorb anything and everything he could on the subject. Daniel has been bullish on Bitcoin since before it was cool, and continues to be so despite any evidence to the contrary. Nowadays, Daniel works in the blockchain space full time, as both a copywriter and blockchain marketer.
After obtaining a Masters degree in Regenerative Medicine, Daniel pivoted to the frontier field of blockchain technology, where he began to absorb anything and everything he could on the subject. Daniel has been bullish on Bitcoin since before it was cool, and continues to be so despite any evidence to the contrary. Nowadays, Daniel works in the blockchain space full time, as both a copywriter and blockchain marketer.
READ FULL BIO
Sponsored
Sponsored