Microsoft warns of new zero-day security flaw

Fix provided for vulnerability in all versions of Windows
Author:
Publish date:
23_mssec184.jpg

Microsoft has released a security advisory relating to a newly disclosed vulnerability in Windows which relates to an underlying system of communicating media in email.

The flaw resides with the MHTML handler and affects all versions of Windows. Attackers could use the vulnerability to infect users visiting an website with an infected link. 

The company said that the vulnerability so far has only been proven to result in the disclose of information rather than the ability to execute code and thus compromising an entire computer. 

That said, Microsoft posted a FixIt application which locks down MHTML in order to avoid any potential security issues. 

"In our testing, the only side effect we have encountered is script execution and ActiveX being disabled within MHT documents," wrote Microsoft security engineering staff Dave Ross and Chengyun Chu of the MHTML lock down on the Security Research & Defense blog

"We expect that in most environments this will have limited impact. While MHTML is an important component of Windows, it is rarely used via mhtml: hyperlinks."

Related