Who’s ahead in Windows security, the good guys or the bad guys? The software giant has invested considerable resources in trying to anticipate new and emerging threats and its latest security advisory is another attempt to get ahead of the curve.
The vulnerability takes advantage of a common method of transferring media types in email messages.
The hole, called the MHTML protocol handler, is located in a part of all supported versions of Windows, including XP Service Pack 3. By luring a user to visit a malicious site and click on a booby-trapped link, an attack program could send the handler a poisoned script.
Microsoft said the result of a successful attack on a user would only be to enable “unintended information disclosure” — rather than compromise the entire system.
Earlier this month, Microsoft had one of its lighter Patch Tuesdays, releasing only three fixes after several months of larger patch releases.
eSecurity Planet details the latest security advisory including a workaround Microsoft is suggesting to head off the security threat. Microsoft also said it was working with service provider “for possible ways that they can take steps to provide protection on the server side.”