I’m not going to link to it - I don’t want to take responsibility for 3rd-party patches to Windows - but you can find it quite easily if you’re really interested. The 0patch company has a quick patch that you can apply, free, if you’re concerned about getting burned. Ionut Ilascu has a synopsis on BleepingComputer. He goes on to explain how Edge changes the permissions on downloaded files and, thus, why IE will open the infected MHT file as if it had no Mark-Of-The-Web.Īll fascinating stuff if you’re into this kind of thing. Says Kolsek:ĭoes Edge not put the mark-of-the-web on downloaded files, or does it do it differently and somehow confuses Internet Explorer? That would be a serious flaw. If you use Edge to download an infected MHT file, Internet Explorer will open it like any other file. Yesterday, Mitja Kolsek at 0patch revealed something disconcerting. They responded to Microsoft’s snub last week by releasing details, proof of concept code, and even a video. ![]() The folks who discovered this particular hole aren’t so sanguine. Microsoft figured this one isn’t all that bad, in part because of the MOTW mechanism. They’re used to pull files off your machine and send them to the bad guys. There have been lots of XXE holes discovered in the past. There’s a lot of controversy about how bad this XXE hole really is. That severely limits this exploit’s reach. Thus, if you download an infected MHT file, IE will know that it needs to open the MHT file with caution (at “low integrity,” in a sandbox). When you download files from the internet, they’re marked - the “Mark-Of-The-Web” - to tell programs that special care is required when opening the files. It’s a doozy of security hole as it affects every recent version of IE, and it infects whether you’re actively browsing with IE or not. Catalin Cimpanu has a good overview of this XXE vulnerability on ZDNet. MHT is an old file format that’s almost always opened by IE - no matter which browser you’re using, no matter which version of Windows. It depends on you opening an infect MHT file. ![]() ![]() I’ve been slammed for the past few days, and haven’t kept you folks apprised of the latest Internet Explorer 0day.
0 Comments
Leave a Reply. |