Microsoft's Internet Explorer (IE) was revolutionary when it made its debut in 1995. However, following stiff competition from Firefox and Google Chrome, the browser went into swift decline, as evidenced by its many security vulnerabilities.
Security researcher John Page discovered the security flaw, finding that any user with Internet Explorer installed on their system is vulnerable to the exploit, whether or not they're now using the browser or have even opened it before.
According to researcher John Page, hackers can use an unpatched exploit in the web browser's handling of MHT files (IE's web archive format) to both spy on Windows users and steal their local data.
'A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer,' the firm explained.
Additionally, the exploit works around Internet Explorer's typical security alert system. "While that does suggest a patch is on the way, it leaves millions of users potentially vulnerable unless they either turn off Internet Explorer or point to another app that can open MHT files", the report added. What is even more concerning is how trivial the IE exploit is: MHT files open in IE by default. For example, a request for "c:\Python27\NEWS.txt" can return version information for that program.
While Internet Explorer has a security system which should alert a user if anything suspicious happens, a malicious MHT file can be created to disable this warning.
"Afterwards, user interactions like duplicate tab "Ctrl+K" and other interactions like right click "Print Preview" or "Print" commands on the web-page may also trigger the XXE vulnerability".
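For defenders who want to triage MHT files before anyone opens them, the following is an added example (not code from Mr Page or Microsoft) that parses an MHT archive as MIME and flags any part declaring an external XML entity, the construct an XXE depends on. The function names, sample URLs and sample archive are constructed for illustration, and the pattern is a heuristic that assumes the declaration is stored in an ASCII-compatible encoding.

```python
import base64
import re
from email import message_from_bytes, policy

# An XXE needs a DTD that declares an external entity (SYSTEM or PUBLIC).
# Heuristic only: UTF-16 encoded XML parts would need decoding first.
EXTERNAL_ENTITY = re.compile(
    rb"""<!ENTITY\s+(?:%\s+)?[\w.:-]+\s+(?:SYSTEM|PUBLIC\s+(?:"[^"]*"|'[^']*'))\s+["']([^"']*)["']""",
    re.IGNORECASE,
)

def scan_mht(raw: bytes):
    """Return (content_location, entity_target) for each external entity
    declaration found in any MIME part of an MHT/MHTML archive."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        # decode=True undoes base64 / quoted-printable, which a plain grep would miss
        body = part.get_payload(decode=True) or b""
        location = str(part.get("Content-Location", "<no Content-Location>"))
        for match in EXTERNAL_ENTITY.finditer(body):
            findings.append((location, match.group(1).decode("latin-1")))
    return findings

def build_sample(xml: bytes) -> bytes:
    """Constructed two-part MHT archive whose XML part is base64-encoded."""
    return (
        b"MIME-Version: 1.0\r\n"
        b'Content-Type: multipart/related; boundary="b1"\r\n\r\n'
        b"--b1\r\nContent-Type: text/html\r\n"
        b"Content-Location: http://example.test/index.html\r\n\r\n"
        b"<html><body>archived page</body></html>\r\n"
        b"--b1\r\nContent-Type: text/xml\r\n"
        b"Content-Transfer-Encoding: base64\r\n"
        b"Content-Location: http://example.test/data.xml\r\n\r\n"
        + base64.encodebytes(xml) + b"--b1--\r\n"
    )

# Constructed sample inputs (placeholder hosts, not real indicators).
SUSPECT_XML = (b'<?xml version="1.0"?>\n<!DOCTYPE r [<!ENTITY % ext SYSTEM '
               b'"http://placeholder.invalid/x.dtd">]>\n<r/>')
CLEAN_XML = b'<?xml version="1.0"?>\n<r>ok</r>'

if __name__ == "__main__":
    for name, xml in (("suspect", SUSPECT_XML), ("clean", CLEAN_XML)):
        print(name, scan_mht(build_sample(xml)))
```

A hit is a reason to quarantine the file for review, not proof of malice, since external entities also have legitimate uses.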
Last December, Microsoft was urging Internet Explorer users to update to the latest version of Internet Explorer after it discovered a serious flaw.
The vulnerability affects Microsoft Windows 7, Windows 10 and Windows Server 2012 R2.
Mr Page says he contacted Microsoft in March before now going public with the issue.
Internet Explorer was already useless for most of us, but now it is unsafe to have the obsolete browser on your computer.
Microsoft officially discontinued its former flagship web browser in 2015.