Internet Explorer is so old that it is difficult, even for Microsoft, to make it completely disappear. As early as 2015, the Redmond firm pushed Internet Explorer into the background, following the launch of Windows 10, which includes Microsoft Edge.
With this modern browser (which now incorporates the same technology as Chrome) Microsoft wanted us to forget about Internet Explorer. But today, although the firm has officially killed the browser, its technology continues to be integrated into certain software, including Microsoft Word. Unfortunately, these remnants of Internet Explorer are exploited by hackers.
Google finds an Internet Explorer flaw in Word
Within Google, there is a team called the Threat Analysis Group (TAG) whose mission is to detect and then report security vulnerabilities (including those of third-party services). In a blog post, the firm mentions a flaw in Internet Explorer that has already been exploited.
On October 31, Google received numerous reports from South Korea of a document titled “221031 Seoul Yongsan Itaewon accident response situation (06:00).docx”. On the night of October 29 to 30, a stampede took place in Seoul, during the Halloween party, killing at least 150 people.
According to the Mountain View firm, the hackers wanted to take advantage of “the widespread public interest in the accident”. Posing as an official government document, the file “downloaded a remote Rich Text File (RTF) template, which in turn retrieved the remote HTML content.”
Bits of Internet Explorer on Word
However, to display this HTML content, Office uses Internet Explorer. And as a result, the technique is therefore used to exploit a flaw in Internet Explorer to target people who do not even use the browser and even if IE is not their default browser.
According to Google, the flaw in question concerns the JavaScript engine of Internet Explorer. And it can be used to execute malicious code while viewing the attacker’s website.
The good news is that today, this Internet Explorer breach has been closed. Google reported this to Microsoft on October 31. And the patch was released on November 8th.
The Threat Analysis Group (TAG) team attacks a group called APT37, which is believed to be funded by North Korea. Previous actions by this group have targeted South Korean users, North Korean defectors, policy makers, journalists and human rights activists.
What happens to Internet Explorer?
Obviously, because of its performance problems, Internet Explorer does not interest many people. However, some companies still use it, due to the fact that professional tools were designed for Microsoft’s old browser.
It is for this reason that the Redmond firm waited a long time before killing IE, although it already offered Microsoft Edge. And today, while Microsoft has already killed the browser, it continues to offer an “Internet Explorer mode” on Edge.
“Not only does Microsoft Edge provide a faster, more secure, and more modern browsing experience than Internet Explorer, it is also able to address a key concern: compatibility with older legacy websites and applications. Microsoft Edge incorporates Internet Explorer mode (“IE mode”), which allows you to access these legacy Internet Explorer-based websites and applications directly from Microsoft Edge”reassured Microsoft in 2021.
