Just a quick follow up on the Microsoft Security Advisory (2501696) post that my colleague Randy Abrams wrote about on January 28th regarding Microsoft’s recent MHTML vulnerability, which is listed by ESET as HTML/Exploit.CVE-2011-0096.A in our signature database. Although reports remain low so far, any vulnerability in a particular version of Microsoft Windows
Although reports remain low so far, any vulnerability in a particular version of Microsoft Windows is likely to be exploited quickly by criminals seeking to make money before patches become widely deployed. Given that this vulnerability is present in not just one but all currently-supported versions of Microsoft Windows it seems likely we will receive more reports of HTML/Exploit.CVE-2011-0096.A in the future.
So far, we have not seen any problems after applying the Fix it, so I would like to suggest that even if you do not use Microsoft Internet Explorer as your default browser that you run the Fix it or apply the registry changes manually.
For more information about the MHTML vulnerability, see the following:
Aryeh Goretsky, MVP, ZCSE