|16 Mar 2011||#1|
| || |
March Patch Tuesday didn't address MHTML vulnerability
Another fix to keep your eyes open for....
Microsoft patched four vulnerabilities in this month's Patch Tuesday release, but unfortunately one that wasn't addressed was the MHTML issue in Windows and Internet Explorer - although a workaround was explained in a January security advisory.
Microsoft's March Security Update Doesn't Address MHTML Flaw -- Redmond Developer News
Report: Internet Explorer Used to Exploit Windows MHTML Vulnerability | News & Opinion | PCMag.com
Find the workarounds under the "Mitigating Factors and Suggested Actions" section here:
Microsoft Security Advisory (2501696): Vulnerability in MHTML Could Allow Information Disclosure
The actual flaw is with the MHTML protocol handler in Windows--not in Internet Explorer itself--and affects all versions of the Windows operating system. However, Internet Explorer is the only known attack vector for exploiting the vulnerability.
Attacks exploiting this flaw are similar to cross-site scripting attacks and enable the attacker to intercept and collect user information, spoof the content that is displayed to the browser, or interfere with the user's browsing experience in other ways. It is also possible that the attacker may be able to run malicious scripts within the context of the IE session.
|My System Specs|
|Similar help and support threads for2: March Patch Tuesday didn't address MHTML vulnerability|
|Here we are again-Patch Tuesday||Windows Updates & Activation|
|Patch Tuesday Aug 16 wiped me out||Windows Updates & Activation|
|Patch Tuesday, Dec 13 2011||Security News|
|Patch Tuesday||Windows Updates & Activation|
|MHTML 0-Day Vulnerability Won't be Patched Tomorrow||Security News|
|Zero day vulnerability found in Windows MHTML renderer||Security News|
|Patch Tuesday - 6/9/10||Windows Updates & Activation|