Hackers Exploit Latest Microsoft MHTML Bug

Microsoft is investigating new public reports of vulnerability in all supported editions of Microsoft Windows. The vulnerability could allow an attacker to cause a victim to run malicious scripts when visiting various Web sites, resulting in information disclosure. This impact is similar to server-side cross-site scripting (XSS) vulnerabilities.

MHTML, or Mime HTML, is a standard that allows web objects such as images to be combined with HTML into a single file. The vulnerability lies in how MHTML interprets Multipurpose Internet Mail Extensions (Mime) for content blocks in a document.

On a Blog post Friday afternoon Google Security Team members said “We’ve noticed some highly targeted and apparently politically motivated attacks against our users. We believe activists may have been a specific target. We’ve also seen attacks against users of another popular social site.”

Now we are finding that Microsoft and Google are working to create a fix on the server side so it can reduce the risk of MHTML Vulnerability, while you can check your machine to determine if you are vulnerable by using the test scenario previously posted by Microsoft.

As a workaround user can also disable ActiveX, but this would affect web applications including banking and e-commerce sites that use ActiveX to provide online services.

make sure you subscribe to my RSS feed!

Share
Subscribe
Notify of
guest
12 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
trackback

RT @Security_FAQs: Hackers Exploit Latest Microsoft MHTML Bug http://bit.ly/dNdB6N

trackback

New #MHTML exploit in Windows http://bit.ly/frxEIB and a #Flash zero-day exposed http://bit.ly/gMqsbv

trackback

RT @sectechno Hackers Exploit Latest #Microsoft MHTML Bug http://bit.ly/gRp1hJ #security #infosec

trackback

Hackers Exploit Latest Microsoft MHTML Bug http://bit.ly/dNdB6N

trackback

RT @sectechno: Hackers Exploit Latest Microsoft MHTML Bug http://www.sectechno.com/2011/03/14/hackers-exploit-latest-microsoft-mhtml-bug/

trackback

RT @darkoperator: Hackers Exploit Latest Microsoft MHTML Bug http://bit.ly/fVO5y7

trackback

RT @MBenLakhoua: RT @sectechno Hackers Exploit Latest Microsoft MHTML Bug http://bit.ly/gRp1hJ

trackback

RT @sectechno Hackers Exploit Latest Microsoft MHTML Bug http://bit.ly/gRp1hJ

trackback

RT @sectechno: Hackers Exploit Latest Microsoft MHTML Bug http://bit.ly/eqa3Eh #security #infosec

trackback

Hackers Exploit Latest Microsoft MHTML Bug: Source: http://www.sectechno.com — Monday, March 14, 2011Microsoft is inv… http://bit.ly/fVO5y7

trackback

#security Hackers Exploit Latest Microsoft MHTML Bug http://dlvr.it/LwFXl #infosec

trackback

#security Hackers Exploit Latest Microsoft MHTML Bug http://dlvr.it/LwFXQ #infosec