An exploit in Internet Explorer allows hackers to access files via MHT format type

Microsoft will get around to fixing Internet Explorer exploit eventually

Scan all MHT files before opening, regardless of how long they’ve been sitting on your computer, because Internet Explorer isn’t going down without a fight.

The issue is with the archaic MHT file format; the default in which Internet Explorer saves web pages. Modern browsers make use of the standard HTML format, but many still support the use of MHTs. According to security researcher, John Page, if a malicious MHT is opened by the user, it can potentially grant hackers access to local files and disable security warnings about ActiveX Objects and other potential hazards.

Why should you care? IE is used by just over 7% of people browsing the nets, which isn’t much, but, while you probably aren’t using it anymore, it’s often pre-installed on Windows systems and it has the obnoxious ability to automatically open MHT files by default. Some people also have no choice but to use it, because of company or software requirements. I personally know developers that are still having to cater for compatibility with IE, you probably do too. Also, your mom.

So, you’d think Microsoft would be keen to fix such a thing, right? Especially since MHTs have been used for spear-phishing and malware attacks in the past? Nope. Page reported the vulnerability to Microsoft in March, but they are disinclined to act with any urgency.

We determined that a fix for this issue will be considered in a future version of this product or service. At this time, we will not be providing ongoing updates of the status of the fix for this issue, and we have closed this case.


This exploit works on current security patches for Windows 7, Windows 10, and Windows Server 2012 R2.

Battlefield V competitive play cancelled to focus on bug fixes