Threaded View
-
January 31st, 2011 01:13 AM #1
- Join Date
- Nov 2010
- Posts
- 61
- Mentioned
- 0 Post(s)
- Tagged
- 1 Thread(s)
Windows vulnerability that impacts all supported editions
Microsoft has warned of a vulnerability found across the range of desktop and server Windows offerings that could potentially allow an attacker to run malicious scripts through a web page.
The vulnerability, which was first reported on Friday by the Redmond-based software giant, impacts all "supported" editions of Windows, including Windows XP, Windows Vista, Windows 7 and Windows Server 2003 and 2008.
Microsoft says the exploit is a result of a bug in Windows' MHTML handler, which the software giant says interprets MIME-formatted requests in a way in which attackers could be able to take advantage of the tool.
"The vulnerability exists due to the way MHTML interprets MIME-formatted requests for content blocks within a document. It is possible for this vulnerability to allow an attacker to run script in the wrong security context," Microsoft said.
"The vulnerability could allow an attacker to cause a victim to run malicious scripts when visiting various Web sites, resulting in information disclosure. This impact is similar to server-side cross-site scripting (XSS) vulnerabilities."
At this stage it's understood the vulnerability has not yet been exploited by malicious parties, despite a number of sites publishing information about the problem.
"Microsoft is aware of published information and proof-of-concept code that attempts to exploit this vulnerability," the company warns, explaining that "at this time, Microsoft has not seen any indications of active exploitation of the vulnerability."
A patch is being prepared by Microsoft, but in the meantime the company is encouraging those who feel worried about the vulnerability to download the FixIt steps provided here*. The FixIt download also includes a proof-of-concept tool which allows users to test whether the fix has worked or if they are still open to the exploit.
* https://go.microsoft.com/?linkid=9760419
Thread Information
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)
Similar Threads
-
Soldio Alpha iPack for Windows 10 All Editions
By Agelyk in forum iPacks Win 8 & 8.1 and 10Replies: 7Last Post: February 19th, 2020, 06:20 AM
Lightstar Can Be Very Protective Of His Creations As He Sends A Percentage Of Funds Made To Charities For The Poor, Best To Take This To PMs. As Its Premium, You Could Say "Inspired By" Or Something...
Theme request