Microsoft Warns of MHTML Bug in Windows

Microsoft is warning its users about a dangerous flaw in the way that Windows handles certain MHTML operations, which could allow an attacker to run code on vulnerable machines. The bug affects all of the current versions of Windows, from XP up through Windows 7 and Windows Server 2008.

Windows bugMicrosoft is warning its users about a dangerous flaw in the way that Windows handles certain MHTML operations, which could allow an attacker to run code on vulnerable machines. The bug affects all of the current versions of Windows, from XP up through Windows 7 and Windows Server 2008.

Microsoft issued an advisory about the MHTML vulnerability, which has been discussed among security researchers in recent days. There is some exploit code available for the bug, as well. In addition to the advisory, Microsoft has released a FixIt tool, which helps mitigate attacks against the vulnerability in Windows.

“The vulnerability could allow an attacker to cause a victim to run
malicious scripts when visiting various Web sites, resulting in
information disclosure. This impact is similar to server-side cross-site
scripting (XSS) vulnerabilities. Microsoft is aware of published
information and proof-of-concept code that attempts to exploit this
vulnerability. At this time, Microsoft has not seen any indications of
active exploitation of the vulnerability,” the company said in the advisory.

“The vulnerability exists
due to the way MHTML interprets MIME-formatted requests for content
blocks within a document. It is possible under certain conditions for
this vulnerability to allow an attacker to inject a client-side script
in the response of a Web request run in the context of the victim’s
Internet Explorer. The script could spoof content, disclose information,
or take any action that the user could take on the affected Web site on
behalf of the targeted user.”

The FixIt workaround that Microsoft released for the MHTML vulnerability enables the Network Protocol Lockdown in Internet Explorer for all of the security zones. The side effects from enabling the FixIt workaround are minor, Microsoft officials said.

“In our testing, the only side effect we have encountered is script
execution and ActiveX being disabled within MHT documents. We expect
that in most environments this will have limited impact. While MHTML is
an important component of Windows, it is rarely used via mhtml:
hyperlinks. Most often, MHTML is used behind the scenes, and those
scenarios would not be impacted by the network protocol lockdown. In
fact, if there is no script content in the MHT file, the MHT file would
be displayed normally without any issue. Finally, for legitimate MHT
files with script content that you would like to be rendered in IE,
users can click the information bar and select “Allow All Protocols”,” the company said.

Suggested articles

Discussion

  • Anonymous on

    let me guess, this is the one that was used against zuckerberg's fbook account?

  • Anonymous on

    Is this a vulnerability to Internet Explorer users only ? In that case, who cares.

  • Anonymous on

    *sigh* The I'm-so-cool-because-I-use-linux-or-some-other-browser posts are tiring. If you need to blow sunshine up your own backside like this all the time you have serious self esteem issues. Not everyone has seen the light and some people don't have a choice.

  • Anonymous on

    Not to blow sunshine anywhere, it would still be interesting to know if this is only an IE error or if this would affect anyone using windows...

    I mean, if it is IE only, then it have a small target range and although sad for the ones affected it is just a matter of installing a proper browser. If it affects anyone with Windows then it is another matter all together.

    And ya, I use neither.

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.