Unexpected Protection Added To Microsoft Edge Subverts IE Security
Saturday April 20, 2019. 02:40 AM , from Slashdot
Dan Goodin writes via Ars Technica: A researcher has uncovered strange and unexpected behavior in Windows 10 that allows remote attackers to steal data stored on hard drives when a user opens a malicious file downloaded with the Edge browser. The threat partially surfaced last week when a different researcher, John Page, reported what he called a flaw in Internet Explorer. Page claimed that when using the file manager to open a maliciously crafted MHT file, the browser uploaded one or more files to a remote server. According to Page, the vulnerability affected the most recent version of IE, version 11, running on Windows 7, Windows 10, and Windows Server 2012 R2 with all security updates installed. (It's no longer clear whether any OS other than Windows 10 is affected, at least for some users. More about that in a moment.)
[I]n Page's post was a video demonstration of the proof-of-concept exploit Page created. It shows a booby-trapped MHT file triggering an upload of the host computer's system.ini file to a remote server. Page's video shows the file being downloaded with Edge. 'This can allow remote attackers to potentially exfiltrate Local files and conduct remote reconnaissance on locally installed Program version information,' Page wrote. 'Example, a request for 'c:Python27NEWS.txt' can return version information for that program.'
Read more of this story at Slashdot.
Feb, Tue 18 - 14:04 CET