I have researched about a brand new exploitable vulnerability in all versions of Microsoft Windows and published a blog article about it, entitled: Microsoft MHTML Critical Windows Vulnerability & Fix-it Tool.
Techies will enjoy the Techno-babble and read about a Registry hack that allows one to use Run As on .msi files; a command not normally available on that type of file. Non-Techies can just scroll down to the details about the Fit It Tool (which uses .msi files to alter the Windows Registry).
Unless your PCs are part of a corporate Intranet that relies upon .MHT files with pluggable MHTML protocols for special purposes, disabling that MHTML Handler is a very good idea at this precise moment in time and space.
Note: just because you browse the web with a non-Microsoft browser does not eliminate this threat; it just mitigates one avenue of attack. Others remain, like Windows Media Player, MS Outlook (& Express) and Windows (& Live) Mail.
Read the article and use the Fit It Tools on the Microsoft support page I linked to.
Another new Windows vulnerability announced, + Fit It Tool
Moderator: Wiz Feinberg
-
Wiz Feinberg
- Posts: 6115
- Joined: 8 Jan 1999 1:01 am
- Location: Mid-Michigan, USA
- State/Province: Michigan
- Country: United States
Another new Windows vulnerability announced, + Fit It Tool
"Wiz" Feinberg, Moderator SGF Computers Forum
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services | Wiz's Security Blog
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services | Wiz's Security Blog