Microsoft warns of zero-day Windows vulnerability

Microsoft is warning users following the disclosure of a security flaw in Windows.

The company said that the vulnerability is currently un-patched and exists in all versions of the operating system. Currently the exploit exists only as a proof-of-concept sample and no active exploits have been reported in the wild.

Best online Microsoft MCTS Training, Microsoft MCITP Training at certkingdom.com

The vulnerability lies within a component of Windows which handles MIME Encapsulation of Aggregate HTML (MHTML) and can be accessed through an HTML link in Internet Explorer.

Microsoft said that an attacker could access the component by convincing the user to click on a link to a page containing a malicious script which targets the MHTML component.

Once exploited, the vulnerability would allow an attacker to have access to the user’s browser, potentially allowing an attacker to harvest user information or perform cross-site scripting and spoofing attacks.

The company said that it was working on a fix for the flaw, though no possible release date has been given.

Users and administrators looking to mitigate the vulnerability are being advised by Microsoft to limit access to the MHTML component.

“We expect that in most environments this will have limited impact,” the company said of the workaround in a blog posting.

“While MHTML is an important component of Windows, it is rarely used via mhtml: hyperlinks.”

The company is also offering security suggestions for service providers on its Security Research and Defense blog.

Both comments and pings are currently closed.

Comments are closed.

A Hotels in Malta Theme. Designed by Malta Hotel and Malta Hotels