The news that Windows users could potentially be at risk from an Internet Explorer vulnerability (even if they didn’t use Internet Explorer as their browser) was made all the more worrying by Microsoft’s seeming lack of urgency to produce a patch.
Maybe Microsoft will produce a fix in due course, but in the meantime the smartypants at ACROS Security say that they have developed a micropatch that can protect against the XML eXternal Entity (XXE) attack in boobytrapped .MHT files.
In a blog post, the researchers say that they have uncovered a mix of documented and undocumented security features that may have led to a confusion in Internet Explorer’s code, and resulted in the vulnerability.
The third-party patch is free for personal and educational use, and covers Windows 10 version 1803 and Windows 10 version 1809.
Obviously it’s your choice whether you wish to trust a third-party patch for Microsoft’s code or not. You may prefer to simply uninstall Internet Explorer from your Windows PCs if you have no use for it anymore.
