Slashdot Mirror

← Back to Stories (view on slashdot.org)

Windows MHTML Vulnerability Warning From Microsoft

Posted by CmdrTaco on from the thats-bad-mmkay dept.

jhernik writes "An HTML scripting bug impacting all supported versions of Windows is receiving Microsoft's attention Microsoft issued an advisory on a Windows security vulnerability today after exploit code for the bug went public. The bug, which lies in the MIME Encapsulation of Aggregate HTML (MHTML) protocol handler, can be exploited to cause data leakage. Though proof-of-concept code for the vulnerability has already gone public, the company said it is unaware of any attempts to exploit the bug." This might seem familiar to you, but considering how many times I saw it submitted this morning, it probably doesn't ;)

4 of 49 comments (clear)

  1. Dupe by Lord+Byron+II · · Score: 1, Informative

    http://tech.slashdot.org/story/11/01/29/0050223/New-Critical-Bug-In-All-Current-Windows-Versions

  2. Here's the MS Fixit link from the original article by jayemcee · · Score: 4, Informative

    http://support.microsoft.com/kb/2501696

  3. Manual method (vs. Ms FixIt) by Anonymous Coward · · Score: 2, Informative

    TO APPLY THIS FIX:

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN]
    "explorer.exe"=dword:00000001
    "iexplore.exe"=dword:00000001
    "*"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocols]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocols\1]
    "mhtml"="mhtml"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocols\2]
    "mhtml"="mhtml"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocols\3]
    "mhtml"="mhtml"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocols\4]
    "mhtml"="mhtml"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN]
    "explorer.exe"=dword:00000001
    "iexplore.exe"=dword:00000001
    "*"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocols]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocols\1]
    "mhtml"="mhtml"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocols\2]
    "mhtml"="mhtml"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocols\3]
    "mhtml"="mhtml"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocols\4]
    "mhtml"="mhtml"

    ----

    TO UNDO THIS FIX:

    Windows Registry Editor Version 5.00
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN]
    "explorer.exe"=dword:00000000
    "iexplore.exe"=dword:00000000

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocols]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN]
    "explorer.exe"=dword:00000000
    "iexplore.exe"=dword:00000000

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocols]

    ---

    (For those of you that want to "know what's 'going on', under the hood"...

    APK

  4. Re:Are you at risk if you use an "alternate" brows by modmans2ndcoming · · Score: 3, Informative

    Opera has fixed this. Firefox crashes. I would hope Chrome has fixed it because Google is the company that discovered the problem.