Windows MHTML Vulnerability Warning From Microsoft

jhernik writes "An HTML scripting bug impacting all supported versions of Windows is receiving Microsoft's attention Microsoft issued an advisory on a Windows security vulnerability today after exploit code for the bug went public. The bug, which lies in the MIME Encapsulation of Aggregate HTML (MHTML) protocol handler, can be exploited to cause data leakage. Though proof-of-concept code for the vulnerability has already gone public, the company said it is unaware of any attempts to exploit the bug." This might seem familiar to you, but considering how many times I saw it submitted this morning, it probably doesn't ;)

Here's the MS Fixit link from the original article

[jayemcee]

http://support.microsoft.com/kb/2501696

Are you at risk if you use an "alternate" browser?

[HouseOfMisterE]

Are you at risk if you use an alternate web browser like Firefox, Opera, or Chrome?

Manual method (vs. Ms FixIt)

TO APPLY THIS FIX:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN]
"explorer.exe"=dword:00000001
"iexplore.exe"=dword:00000001
"*"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocols]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocols\1]
"mhtml"="mhtml"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocols\2]
"mhtml"="mhtml"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocols\3]
"mhtml"="mhtml"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocols\4]
"mhtml"="mhtml"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN]
"explorer.exe"=dword:00000001
"iexplore.exe"=dword:00000001
"*"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocols]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocols\1]
"mhtml"="mhtml"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocols\2]
"mhtml"="mhtml"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocols\3]
"mhtml"="mhtml"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocols\4]
"mhtml"="mhtml"

----

TO UNDO THIS FIX:

Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN]
"explorer.exe"=dword:00000000
"iexplore.exe"=dword:00000000

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocols]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN]
"explorer.exe"=dword:00000000
"iexplore.exe"=dword:00000000

[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocols]

---

(For those of you that want to "know what's 'going on', under the hood"...

APK

Re:Manual method (vs. Ms FixIt)

[Smallpond]

I'm going to edit my registry based on the word of AC. Seems like a reliable source.

MHTML is HTML in a MIME container

[tepples]

MHTML is nothing more than a MIME multipart message containing HTML. If there's a vulnerability in IE's handling of MHTML, then there's probably a vulnerability in each mail client that Microsoft maintains.

Re:Are you at risk if you use an "alternate" brows

[modmans2ndcoming]

Opera has fixed this. Firefox crashes. I would hope Chrome has fixed it because Google is the company that discovered the problem.