Windows 10 it's a new day in which an extremely big problem is revealed for Microsoft's operating system, including Windows 7, and Windows Server 2012 R2 being affected. More precisely, we are talking about a zero-day exploit existing in Internet Explorer implemented in Windows 10 by the Microsoft company, which can be very easily exploited by hackers so that the data from the computers is exposed for them.
Windows 10 has problems because of the way Internet Explorer uses MHT files when users save web pages from the Internet, but exploitation can also be done when MHT files are accessed. The vulnerability can be exploited in Windows 10, or other versions of the operating system, only when malicious MHT files created by hackers are accessed, and files can be stolen from users' computers through this attack.
Windows 10. BEWARE! HUGE DANGER when Surfing the Internet
Windows 10 can have the exploited vulnerability even if we do not use Internet Explorer to browse the Internet, and this is because when accessing an MHT file, the opening will be done with the Microsoft browser. Practically, all those who use Windows 10 are exposed to this very dangerous vulnerability if they access MHT files from the Internet, because it doesn't matter which browser is used to access the page, opening is always done with Internet Explorer.
Internet Explorer is vulnerable to XML External Entity attack if a user opens a specially crafted .MHT file locally. This can allow remote attackers to potentially exfiltrate Local files and conduct remote reconnaissance on locally installed Program version information. Example, a request for "c:\Python27\NEWS.txt" can return version information for that program.
Windows 10 had the vulnerability disclosed to the Microsoft company on March 27, but refused to solve it until now, so the hacker who discovered it decided to make everything public yesterday. Microsoft has announced that it will solve the problem in a future version of Windows 10, or adjacent versions, but for now it does not consider it important enough to provide protection for customers who use its operating system at the moment.
Windows 10 it is not the first problems of this kind, but also the first refusals of the Microsoft company to solve such important vulnerabilities, so the actions of the Americans should not surprise us.
