A recently disclosed vulnerability affecting Internet Explorer, yet to receive a fix from Microsoft, has received a micropatch that denies remote attackers the possibility to exfiltrate local files and run reconnaissance activity on the system.
An XML External Entity (XXE), the security flaw was discovered and reported on March 27 to Microsoft by security researcherZaloguj lub Zarejestruj się aby zobaczyć!. HeZaloguj lub Zarejestruj się aby zobaczyć!the details on April 10, including proof-of-concept code to support his finding.
The researcher also published a video showing how the vulnerability can be exploited:
Zaloguj
lub
Zarejestruj się
aby zobaczyć!