A new security hole that exists in all versions of Windows exploits a common method of sending various media types in email messages. The security hole is called the MHTML protocol handler, which is a Zero Day attack that  lures people into clicking on a link that takes the internet user to a booby-trapped site that sends the handler a malicious script. Wikipedia defines a Zero Day attack as “a computer threat that tries to exploit computer application vulnerabilities that are unknown to others or undisclosed to the software developer.”

Speed up your internet service and save money at the same time by switching to Vergent’s T1 service or Dallas metro ethernet.

The attack enables “unintended information disclosure” rather than taking control of the user’s entire computer system. Microsoft is currently working on a security patch for all versions of Windows which would “lock down the MHTML protocol and effectively address the issue on the client system where it exists,” says Angela Gunn, a security response communications manager at Microsoft.  Microsoft has not announced a date for the coming patch release, although the company typically provides patches on the second Tuesday of each month.

According to Microsoft, the Zero Day Hole is a Windows hole, although the script itself exploits Internet Explorer. The only two browsers that support MHTML are Internet Explorer and Opera. Computer users can protect themselves from the malicious script while waiting for Microsoft’s patch by turning off MHTML. To turn off MHTML, computer users must either manually edit the Windows Registry or use Microsoft’s Fix It tool. Directions for manually editing the registry can be found at www.networkworld.com.

January 2011 was a light security patch release month for Microsoft, with only three security patches released.

Add your two cents:

Did you know that more people prefer FireFox over Internet Explorer? Which do you prefer? Networkworld.com reports that MHTML crashes Firefox. Have you found that to be true?