Yet another M$IE exploit has come to light. This one can impact even those who no longer use M$IE:
M$ might some day release a fix for this. But as with anything else they release, you have to wonder how much unannounced, and un-revealed, privacy stealing code will be included, along with their fix.
This is an automatically-generated Wiki post for this new topic. Any member can edit this post and use it as a summary of the topic’s highlights.
The article is a little click-baity. As I understand it, a successful exploit would require either having the foresight to exploit this bug years ago and include it in a web page that the victim willingly saved as a web content package (current browsers don’t save as MHT). Or, for a victim to override default security measures to allow receipt of an MHT file via email, and then launch one from a malicious source. If someone were going to do that, they might just as well be accepting .EXE files.
You can disable IE entirely in Control Panel\Programs\Programs and Features\Turn Windows Features On and Off. Doing so prevents exploit even if someone does launch a malicious MHT file.