Many well-intentioned people recommend you disable/uninstall Internet Explorer right now to guard against a newly published zero day. It turns out there’s a much simpler way to fix the problem, as long as you don’t rely on MHT files. Here's how.

The latest Internet Explorer XXE zero-day depends on you opening an infected MHT file. MHT is an old file format that’s almost always opened by IE — no matter which browser you’re using, no matter which version of Windows.

Catalin Cimpanu has a good overview of this XXE vulnerability on ZDNet. It’s a doozy of a security hole as it affects every recent version of IE, and it infects whether you’re actively browsing with IE or not.

When you download files from the internet, they’re marked — the “Mark-Of-The-Web” — to tell programs that special care is required when opening them. Thus, if you download an infected MHT file, IE will know that it needs to open the MHT file with caution (at “low integrity,” in a sandbox). That severely limits this exploit’s reach.

There’s a lot of controversy about how bad this XXE hole really is. There have been numerous XXE holes discovered in the past; they’re used to pull files off your machine and send them to the bad guys. Microsoft figured this one isn’t all that bad, in part because of the MOTW mechanism and in part because the creep has to know the name and location of the file they want to purloin.

The folks who discovered this particular hole aren’t so sanguine. They responded to Microsoft’s snub last week by releasing details, proof of concept code, and even a video.

Yesterday, Mitja Kolsek at 0patch revealed something disconcerting. If you use Edge to download an infected MHT file, Internet Explorer will open it like any other file. Says Kolsek:

“Does Edge not put the mark-of-the-web on downloaded files, or does it do it differently and somehow confuses Internet Explorer? That would be a serious flaw.”
He goes on to explain how Edge changes the permissions on downloaded files and, thus, why IE will open the infected MHT file as if it had no Mark-Of-The-Web. It’s fascinating stuff if you’re into this kind of thing. Ionut Ilascu has a synopsis on BleepingComputer.

Because of this XXE zero-day, many people recommend that you disable Internet Explorer entirely. While I’m very much in favor of avoiding IE at all costs, disabling it is a rather painful procedure that could have unintended consequences. It’s far better, in my opinion, to re-wire Windows so it doesn’t use IE to handle MHT files.

Warning: If you need to use MHT files, don’t do this.

Windows 10, IE and MHT files

Here’s an easy way to disassociate Internet Explorer from MHT in Win10 (thx, MikeMc):

Step 1: Make sure filename extensions are showing. Click on File Explorer (the icon at the bottom that looks like a file folder), then at the top click View. Make sure the box marked File name extensions is checked.

Step 2: Right-click an empty spot on your desktop and choose File > New > Rich Text Format (actually, any kind of file will work). Windows puts a new file of that type on your desktop, with the name already highlighted so you can change it.

Step 3: Rename the file to wow.mht or anythingelse.mht. Make sure you’ve deleted all of the old filename, including the part to the right of the period. Hit enter. Windows will nag you about changing file name extensions. Click Yes, thank you, Mother Microsoft.

Step 4: Right-click on the newly created mht file and click Open with…. (see screenshot below).

[Screenshot, credit Microsoft: Changing file name extensions is part of the solution to fending off the IE XXE zero-day hole in Windows.]

Step 5: Click More apps, then Notepad (or some equally innocuous program), check the box marked Always use the app to open .mht files, and click OK.

Step 6: Test to make sure you’ve subverted MHT files by double-clicking on your desktop MHT file.
Don’t even bother trying to confirm if the change was made in the Windows Apps Settings file types pane (Start > Settings > Apps > Choose default apps by file type > mht). It’s broken, and has been for years.

Protection for Windows 7 and 8.1

As usual, a simple change that’s painfully obtuse and buggy in Windows 10 is very straightforward in Win7 and 8.1. Here’s how:

Step 1: Click Start > Control Panel > Programs and under Default Programs click Make a file type always open in a specific program.

Step 2: On the left, scroll down to .mht. See how it’s associated with Internet Explorer? Click on mht and click Change program… Windows shows you a pane that’s marked Open with.

Step 3: On the lower right, click Browse, navigate to c:\Windows\System32, scroll way down, click on Notepad.exe and click Open. Click OK.

From that point on, any MHT file will open in Notepad – and the infection cycle has been broken.

Questions about the method? Hit us on the AskWoody Lounge.
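Since the Settings pane can't be trusted to confirm the change, here is an added example (not part of the original article) that reads the file association straight from the registry and reports whether it still resolves to Internet Explorer. It assumes the association is stored in the standard per-user UserChoice key or the HKEY_CLASSES_ROOT default, and it also checks .mhtml, which the steps above do not change; the function names are made up for this illustration.

```powershell
# Added example: report which program Windows will launch for MHT files.

function Get-OpenCommand {
    param([string]$ProgId)
    # The "open" verb registered for a ProgId holds the command line Windows runs.
    $key = "Registry::HKEY_CLASSES_ROOT\$ProgId\shell\open\command"
    if (Test-Path -LiteralPath $key) {
        return (Get-ItemProperty -LiteralPath $key).'(default)'
    }
    return $null
}

function Get-ExtensionHandler {
    param([string]$Extension)
    # Per-user choice written by "Open with" / "Change program".
    $userKey = "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$Extension\UserChoice"
    $progId = $null
    $source = 'none'
    if (Test-Path -LiteralPath $userKey) {
        $progId = (Get-ItemProperty -LiteralPath $userKey).ProgId
        $source = 'UserChoice'
    }
    if (-not $progId) {
        # No per-user choice: fall back to the class registered for the extension.
        $classKey = "Registry::HKEY_CLASSES_ROOT\$Extension"
        if (Test-Path -LiteralPath $classKey) {
            $progId = (Get-ItemProperty -LiteralPath $classKey).'(default)'
            $source = 'HKCR default'
        }
    }
    $command = if ($progId) { Get-OpenCommand -ProgId $progId } else { $null }
    [pscustomobject]@{
        Extension = $Extension
        Source    = $source
        ProgId    = $progId
        Command   = $command
        # True when the resolved open command still launches Internet Explorer.
        OpensInIE = [bool]($command -match 'iexplore\.exe')
    }
}

'.mht', '.mhtml' | ForEach-Object { Get-ExtensionHandler -Extension $_ } | Format-List
```

After the change, the .mht entry should show a Command that points at Notepad (or whatever program you picked) and OpensInIE as False. An .mhtml entry that still reports True needs the same treatment.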