Another new Windows vulnerability announced, + Fit It Tool

The machines we love to hate

Moderator: Wiz Feinberg

User avatar
Wiz Feinberg
Posts: 6115
Joined: 8 Jan 1999 1:01 am
Location: Mid-Michigan, USA
State/Province: Michigan
Country: United States

Another new Windows vulnerability announced, + Fit It Tool

Post by Wiz Feinberg »

I have researched about a brand new exploitable vulnerability in all versions of Microsoft Windows and published a blog article about it, entitled: Microsoft MHTML Critical Windows Vulnerability & Fix-it Tool.

Techies will enjoy the Techno-babble and read about a Registry hack that allows one to use Run As on .msi files; a command not normally available on that type of file. Non-Techies can just scroll down to the details about the Fit It Tool (which uses .msi files to alter the Windows Registry).

Unless your PCs are part of a corporate Intranet that relies upon .MHT files with pluggable MHTML protocols for special purposes, disabling that MHTML Handler is a very good idea at this precise moment in time and space.

Note: just because you browse the web with a non-Microsoft browser does not eliminate this threat; it just mitigates one avenue of attack. Others remain, like Windows Media Player, MS Outlook (& Express) and Windows (& Live) Mail.

Read the article and use the Fit It Tools on the Microsoft support page I linked to.
"Wiz" Feinberg, Moderator SGF Computers Forum
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services | Wiz's Security Blog