If you are a regular reader of Live Hacking you will be familiar with the ongoing saga with the MHTML vulnerability in Windows. Discovered in January, Microsoft has miserably failed to fix this issue in its February and March security updates and has left ALL Windows users (from XP onwards) vulnerable to specially crafted web pages designed to exploit the security hole.
Google has recently commented on the MHTML vulnerability on its Online Security Blog. In the blog post it confirms what we all feared, that the MHTML bug is now under active exploitation.
There is however one more interesting twist to this current wave of attacks, Google are noting that these seem to be “highly targeted and apparently politically motivated attacks”.
Google seems to be more proactive than Microsoft at the moment. It mentions in its blog that they “have deployed various server-side defenses to make the MHTML vulnerability harder to exploit.”
Microsoft have issued a Fixit which locks down the MHTML components of Windows which Microsoft, Google and Live Hacking are recommending that Windows users apply as soon as possible.