Windows Vulnerability in MHTML

Microsoft has released Security Advisory KB2501696 for a vulnerability in the Windows operating system through which an attacker can affect Internet Explorer. Although it was released last week, I thought it prudent, now that a few news agencies are posting this information, to highlight the advisory and the workaround until the full patch is released.

“The main impact of the vulnerability is unintended information disclosure. We’re aware of published information and proof-of-concept code that attempts to exploit this vulnerability, but we haven’t seen any indications of active exploitation.”

While this is a serious issue, it can be blown out of proportion by the media, when in reality it's only a proof of concept and may not be exploited. However, it's always wise to keep your Windows version and all software fully up to date.

“The vulnerability lies in the MHTML (MIME Encapsulation of Aggregate HTML) protocol handler, which is used by applications to render certain kinds of documents. The impact of an attack on the vulnerability would be similar to that of server-side cross-site-scripting (XSS) vulnerabilities. For instance, an attacker could construct an HTML link designed to trigger a malicious script and somehow convince the targeted user to click it. When the user clicked that link, the malicious script would run on the user’s computer for the rest of the current Internet Explorer session. Such a script might collect user information (e.g., email), spoof content displayed in the browser, or otherwise interfere with the user’s experience.”

More info HERE

Just click the FixIt logo below to enable and disable the workaround fix.

FixIt
