A researcher has uncovered strange and unexpected behavior in Windows 10 that allows remote attackers to steal data stored on hard drives when a user opens a malicious file downloaded with the Edge browser.
The threat partially surfaced last week when a different researcher, John Page, reported what he called a flaw in Internet Explorer. Page claimed that when using the file manager to open a maliciously crafted MHT file, the browser uploaded one or more files to a remote server. According to Page, the vulnerability affected the most recent version of IE, version 11, running on Windows 7, Windows 10, and Windows Server 2012 R2 with all security updates installed. (It’s no longer clear whether any OS other than Windows 10 is affected, at least for some users. More about that in a moment.)
Below this paragraph in Page’s post was a video demonstration of the proof-of-concept exploit Page created. It shows a booby-trapped MHT file triggering an upload of the host computer’s system.ini file to a remote server. Page’s video shows the file being downloaded with Edge.