Microsoft warns of attacks on unpatched MHTML Windows vulnerability

By Tom Warren, on 14th Mar 11 11:06 pm

Microsoft has warned that hackers are targeting a limited number of machines to exploit a known MHTML vulnerability.

The vulnerability, first reported in January, allows attackers to run scripts in the wrong security context. The unpatched vulnerability affects Windows XP, Vista, Windows 7 and all supported Windows Server releases. It exists because of the way MHTML interprets MIME-formatted requests for content blocks within a document. An attacker who successfully exploited this vulnerability could inject a client-side script into the user’s Internet Explorer instance. The script could spoof content, disclose information, or take any action that the user could take on the affected Web site on behalf of the targeted user.

Microsoft originally warned in January that it was aware of published information and proof-of-concept code that attempts to exploit the vulnerability. At the time, however, the company said that it hadn’t seen “any indications of active exploitation.” Microsoft updated its original security advisory late last week to explain that attackers are now exploiting the vulnerability in limited cases:

“Microsoft is aware of published information and proof-of-concept code that attempts to exploit this vulnerability. In addition, at this time, Microsoft is aware of public proof-of-concept code being used in limited, targeted attacks.”

Microsoft failed to patch the flaw in a recent Patch Tuesday round of bulletins, and the company has not indicated whether a patch is forthcoming. In the meantime, it recommends that customers apply the fix to lock down the MHTML protocol. The fix is available as a Microsoft FixIt automated package.