Skip to main content

Issue With Internet Explorer Could Affect Most PC Users

By May 4, 2019May 19th, 2022Technology News

Are you still surfing the web with Internet Explorer?  If so, you’re not alone.  Four years after Microsoft announced Edge as its successor, the company’s old browser still has a few stubborn holdouts who continue to use it for various reasons.

Unfortunately, security experts keep finding critical security flaws in the code that make it something of a ticking time bomb.

The most recent of these was unearthed by an independent researcher named John Page. He published a proof of concept that demonstrates a flaw in the way the old browser handles MHT files, which are used by Internet Explorer for archival purposes.

If any computer running Windows 7, Windows 10, or Windows Server 2012 encounters an MHT file, it will attempt to open it using Internet Explorer.  This fact represents a tremendous opportunity for a savvy hacker.  All he has to do is present a specially crafted MHT file containing malicious code to a user and use a bit of social engineering to open it.  Using history as a guide, convincing users to open files from untrusted sources is not especially difficult to do.

Even if you don’t currently use Internet Explorer, your system is still very much at risk from this type of attack, because IE 11 still ships with every Windows-based PC, including the latest Windows 10 machines.  The only potential saving grace here is that on Windows 10 machines, Internet Explorer is not enabled by default and needs to go through a user-initiated setup process before it could be used.

The solution then, at least if you’ve got a Windows 10 machine, is simply to avoid enabling Internet Explorer or, even better, simply uninstall it from the Control Panel altogether.

Mr. Page reported the issue to Microsoft on March 27, and received the following reply:

“We determined that a fix for this issue will be considered in a future version of this product or service.  At this time, we will not be providing ongoing updates of the status of the fix for this issue and we have closed the case.”

Unfortunately, that’s a canned response that amounts to a dismissal. So for the foreseeable future, you should operate under the assumption that no help will be forthcoming from Microsoft on this issue.  Make sure your IT staff is aware.

Jason Manteiga

Jason J. Manteiga, Vice President of Olmec Systems, has been part of the company for over the past 20 years. He believes that having a great work environment and supportive team, is the ultimate key to success. Since being in the IT realm for over 25 years, Jason, along with Olmec Systems, has been on the Inc. 5000 “List of America’s Fastest Growing Private Companies” and Channel Futures MSP 501 “Top Managed Service Providers in North America,” along with other awards and nominations. Jason earned his Bachelor Degree in Information Systems from the New Jersey Institute of Technology. He also holds certifications in Microsoft MCSE, VMWare VCP, and Cisco CCNA. In his spare time, Jason is a contributor for The Center for Social & Legal Research (Privacy Exchange) and a member of the Morris County Chamber of Commerce. His hobbies include cycling and kayaking. He currently lives in New Jersey with his wife, two daughters and son.