Microsoft Warns on New Windows Zero-Day Vunerability

Generic News 1994 Published by

Microsoft released a security advisory on Friday warning users to watch out for a newly disclosed vulnerability in all versions of Windows, one that takes advantage of a common method of transferring media types in email messages. The hole, called the MHTML protocol handler, is located in a part of all supported versions of Windows, including XP Service Pack 3.

By luring a user to visit a malicious site and click on a booby-trapped link, an attack program could send the handler a poisoned script. While the result of a successful attack on a user would only be to enable "unintended information disclosure" -- rather than compromise the entire system -- the fact that proof-of-concept code and discussions of the hole have already been posted on the Internet raises the urgency level for Microsoft (NASDAQ: MSFT) to warn security professionals pronto. The advisory provides a client-side workaround. Additionally, the company said it is working on a patch.



Share this content
Twitter Facebook Reddit WhatsApp Email Print