Security researcher John Page rang the alarm bells on a major security flaw for Internet Explorer.
The researcher revealed the flaw because Microsoft reportedly declined to release an urgent security fix and said that a patch would be “considered” for a future release.
Considering the gravity of this security flaw, the researcher went ahead and publicized the vulnerability before Microsoft issued a fix.
The vulnerability refers to how a computer handles MHT files, the web archive format of Internet Explorer. The exploit in question targets how the web browser handles those MHT files, which then opens the door for hackers to potentially spy or lift user data. Because MHT files are opened automatically in Internet Explorer by Windows, a user could open the door to hackers simply by opening an email or a chat attachment.
This vulnerability is found in Windows 7, Windows 10 and Windows Server 2012 R2.
Until Microsoft releases a security patch, users will have to protect themselves by either disabling Internet Explorer or choosing another application capable of opening MHT files.
Of course, careful handling of email attachments is still advised, as most phishing scams happen that way.