Just a quick up on the Security Advisory (2501696) post that my colleague Randy Abrams wrote about on January 28th regarding ’s recent , which is listed by ESET as HTML/Exploit.CVE-2011-0096.A in our signature database.   Although reports remain low so far, any in a particular version of Microsoft Windows



Although reports remain low so far, any vulnerability in a particular version of Microsoft Windows is likely to be exploited quickly by criminals seeking to make money before patches become widely deployed. Given that this vulnerability is present in not just one but all currently-supported versions of Microsoft Windows it seems likely we will receive more reports of HTML/Exploit.CVE-2011-0096.A in the future.



So far, we have not seen any problems after applying the Fix it, so I would like to suggest that even if you do not use Microsoft Internet Explorer as your default browser that you run the Fix it or apply the registry changes manually.


For more information about the MHTML vulnerability, see the following:



As previously stated, exploitation of this vulnerability remains quite low; however, we have also seen countless examples in the past where vulnerabilities in a popular operating system or have been exploited on a massive scale. The best time to protect yourself against such threats is before they become a problem.

Aryeh Goretsky, MVP, ZCSE
Distinguished Researcher

Source link https://www.welivesecurity.com/2011/02/03/microsofts-recent-mhtml-vulnerability-follow-up/


Please enter your comment!
Please enter your name here