Microsoft said on Friday that it is investigating reports of a new 0-day vulnerability across all supported versions of Windows.
The vulnerability affects Windows XP, Vista, Windows 7 and all supported Windows Server releases. The vulnerability exists due to the way MHTML interprets MIME-formatted requests for content blocks within a document. It is possible for this vulnerability to allow an attacker to run script in the wrong security context. An attacker who successfully exploited this vulnerability could inject a client-side script in the user’s Internet Explorer instance. The script could spoof content, disclose information, or take any action that the user could take on the affected Web site on behalf of the targeted user.
Microsoft says it’s aware of published information and proof-of-concept code that attempts to exploit the vulnerability. However, Angela Gunn of Microsoft’s Trustworthy Computing team says the company hasn’t ”seen any indications of active exploitation.” Microsoft is currently investigating the vulnerability and says it’s working on a security update to address the flaw. The software giant has issued a temporary workaround as part of it’s 2501696 Security Advisory. The company is recommending customers apply the fix to lockdown the MHTML protocol. The fix is available as a Microsoft FixIt automated package. A Microsoft spokesperson also confirmed that the company is working with third-party sites and service providers to protect against the flaw:
“In our collaboration with other service providers, we are looking for possible ways that they can take steps to provide protection on the server side. Our Security Research & Defense team has written a blog post that discusses some possible options. However, due to the nature of the issue, the only workaround Microsoft can officially recommend is what we have identified in the advisory. We will continue to work closely with others in the industry and appreciate the collaboration we have had to date.
We have initiated our Software Security Incident Response Process (SSIRP) to manage this issue. We’re also in communication with other service providers to explain how the issue might affect third-party Web sites and to collaborate on developing a variety of further solutions that address the varied needs of all parts of the Internet ecosystem – large sites, small sites, and all those who visit them.”