December 10, 2016

Windows Vulnerability with MHTML Forces Microsoft to Issue a Fixit

Microsoft have responded to public reports of a vulnerability in the MHTML protocol handler of Windows. MIME HTML, is a web page archive format (often with the extension .mht) used to combine HTML, images, Flash etc into a single file. On Windows the MHTML handler is part of Windows and not part of Internet Explorer. As such all versions of Windows from XP upwards are affected and the version of IE installed on the PC is irrelevant.

The vulnerability could allow an attacker to cause a victim to run malicious scripts when visiting a targeted web site, which in turn could result in information disclosure.

Microsoft have issued a Fixit which locks down the MHTML components of Windows. They have also issued a test .mht file which demonstrates if your machine has the Fixit applied or not. Basically the lockdown stops all types of scripts running within .mht files. The published test script does not demonstrate the vulnerability itself.

At this time, Microsoft has not seen any indications of active exploitation of the vulnerability but are recommending that all Windows users apply the Fixit.

Share and Enjoy:
  • Print
  • Digg
  • StumbleUpon
  • del.icio.us
  • Facebook
  • Yahoo! Buzz
  • Twitter
  • Google Bookmarks