Microsoft, Google warn of limited MHTML exploits

Cybercriminals are launching "limited, targeted attacks" against an unpatched scripting vulnerability that affects all supported versions of Windows, Microsoft has warned.

The bug, disclosed in January, is present in the MHTML (MIME Encapsulation of Aggregate HTML) protocol handler, used by applications to render certain types of documents. It is similar to a cross-site scripting issue.

Unsuspecting Internet Explorer users could become victims if they are tricked into visiting a specially crafted website that forces them to run malicious scripts, Microsoft said in its advisory, which was updated Friday to reflect the discovery of in-the-wild attacks.

"It is possible under certain conditions for this vulnerability to allow an attacker to inject a client-side script in the response of a web request run in the context of the victim's Internet Explorer [browser]," according to the advisory. "The script could spoof content, disclose information or take any action that the user could take on the affected website on behalf of the targeted user."

Google said Friday that some of its users have been victims.

“We've noticed some highly targeted and apparently politically motivated attacks against our users,” members of the Google Security Team wrote in a blog post. “We believe activists may have been a specific target. We've also seen attacks against users of another popular social site.”

Google did not disclose the affected site.

Microsoft last week issued its monthly Patch Tuesday updates for March but failed to close the Windows MHTML issue.

In lieu of a patch, users are encouraged to lock down the MHTML protocol or switch certain security zone settings to "high" to block ActiveX controls and Active Scripting, according to Microsoft's advisory, which details the steps. Microsoft also has released a Fix-It solution to automate the mitigation.

Google, meanwhile, said it has deployed various server-side defenses to make the flaw harder to exploit, but reminded users that these solutions may not be reliable. The search giant said it is working with Microsoft to develop a permanent fix but recommended users deploy the Fix-It solution in the meantime.
