Microsoft have released a Security Advisory KB2501696 for Windows Operating System in which an attacker can affect Internet Explorer, and while this was release last week, I thought it maybe prudent in the light of a few news agencies now posting this information to highlight the information and workaround, until the full patch fix is released.
“The main impact of the vulnerability is unintended information disclosure. We’re aware of published information and proof-of-concept code that attempts to exploit this vulnerability, but we haven’t seen any indications of active exploitation.”
While this is a serious issue, it can be blown out of proportion by the media, when in reality its only a proof of concept and may not be exploited, however its always wise to keep your Windows version and all software fully up to date.
“The vulnerability lies in the MHTML (MIME Encapsulation of Aggregate HTML) protocol handler, which is used by applications to render certain kinds of documents. The impact of an attack on the vulnerability would be similar to that of server-side cross-site-scripting (XSS) vulnerabilities. For instance, an attacker could construct an HTML link designed to trigger a malicious script and somehow convince the targeted user to click it. When the user clicked that link, the malicious script would run on the user’s computer for the rest of the current Internet Explorer session. Such a script might collect user information (eg., email), spoof content displayed in the browser, or otherwise interfere with the user’s experience.”
More info HERE
Just click the FixIt logo below to enable and disable the workaround fix.