Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: March Patch Tuesday didn't address MHTML vulnerability

16 Mar 2011   #1
Borg 386

Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1 Pro
 
 
March Patch Tuesday didn't address MHTML vulnerability

Another fix to keep your eyes open for....

Quote:
Microsoft patched four vulnerabilities in this month's Patch Tuesday release, but unfortunately one that wasn't addressed was the MHTML issue in Windows and Internet Explorer - although a workaround was explained in a January security advisory.

Microsoft's March Security Update Doesn't Address MHTML Flaw -- Redmond Developer News

This is bad news because a few days ago, it was discovered that attackers are now exploiting that vulnerability to execute a "drive-by" browser attack by which they run Javascript on the user's computer to access information and/or force the download of more malware.

Report: Internet Explorer Used to Exploit Windows MHTML Vulnerability | News & Opinion | PCMag.com

Find the workarounds under the "Mitigating Factors and Suggested Actions" section here:

Microsoft Security Advisory (2501696): Vulnerability in MHTML Could Allow Information Disclosure
Edit...Thank you Hopalong X for this FixIt link:

http://support.microsoft.com/kb/2501696#FixItForMe

Quote:
The actual flaw is with the MHTML protocol handler in Windows--not in Internet Explorer itself--and affects all versions of the Windows operating system. However, Internet Explorer is the only known attack vector for exploiting the vulnerability.

Attacks exploiting this flaw are similar to cross-site scripting attacks and enable the attacker to intercept and collect user information, spoof the content that is displayed to the browser, or interfere with the user's browsing experience in other ways. It is also possible that the attacker may be able to run malicious scripts within the context of the IE session.



My System SpecsSystem Spec
.

Reply

 March Patch Tuesday didn't address MHTML vulnerability




Thread Tools





Similar help and support threads
Thread Forum
Here we go again- Patch Tuesday
when I first looked at the preview there were only 5, now I look and I have 20 sheesh So any problems with the installs? here are mine but I have not done them yet Thanks as always
Windows Updates & Activation
Here we are again- Patch tuesday
It is a snowy patch Tuesday here but I would like to know how it went for everyone I am a bit confused, when looking at mine there is one that says security update for windows kb2887069 when clicking on more info- it shows that one is a kernel drive one but the kb is different kb 2880430Also...
Windows Updates & Activation
Office 2010 sp2 patch should be in Dec Patch tuesday
as per this website Susan Bradley states I got word back as follows: Outlook 2010 Calendar Folder property is empty - Microsoft Community As of now, the product group has consolidated similar cases and currently working on the fix for the Event 27 issue, which is planned for the...
Microsoft Office
Here we are again-Patch Tuesday
I have not gotten them yet, i normally get them 4 pm est. but before i go and put them on has anyone had any problems with them as of yet or later today or even into tomorrow After last month i want to see what others experienced before i put them on mine and others Thanks
Windows Updates & Activation
MHTML 0-Day Vulnerability Won't be Patched Tomorrow
MHTML 0-Day Vulnerability Won't be Patched Tomorrow - Softpedia
Security News
Zero day vulnerability found in Windows MHTML renderer
Zero day vulnerability found in Windows MHTML renderer | Naked Security
Security News

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 19:29.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App