Feed: gHacks Technology News
New Windows Vulnerability Hits *ALL* Supported Versions
Microsoft is warning about a new discovered Windows vulnerability that’s present in every currently supported version of Windows. The vulnerability impacts Windows XP, Vista, Windows 7, Windows Server 2003 and Windows Server 2008.
The exploit is the result of an MHTML bug. This interprets MIME-formatted requests in a way that could allow an attacker control of a computer.
“The vulnerability exists due to the way MHTML interprets MIME-formatted requests for content blocks within a document. It is possible for this vulnerability to allow an attacker to run script in the wrong security context. The vulnerability could allow an attacker to cause a victim to run malicious scripts when visiting various Web sites, resulting in information disclosure. This impact is similar to server-side cross-site scripting (XSS) vulnerabilities.”
While a patch is written, Microsoft have released a temporary fix which you can download here. The company is keen to stress that they’ve seen no code that exploits this vulnerability and there are no indications that any such code currently exists.
Full details of the explot and the Microsoft FixIt workaround can be found on their website. As always we recommend that you have up-to-date anti virus software on your computer and that you run an active two-way firewall. When the patch is available, it will no doubt be distributed via Windows Update as a mandatory update.
© Mike Halsey (MVP) for gHacks Technology News, 2011. | Permalink | Add to del.icio.us, digg, facebook, reddit, twitter
Post tags: exploit, microsoft, vulnerability, Windows, windows server
Feed Info:
Name: gHacks Technology News
URL: http://www.ghacks.net/feed/
Add, Modify, Remove feeds at Innerfeed
0 comments:
Post a Comment
Post a Comment