You are here: DIME Home > Computer Security > Attackers Target MHTML Security Flaw in Windows by Using Internet Explorer


Attackers Target MHTML Security Flaw in Windows by Using Internet Explorer

Attackers are exploiting MHTML bug, first revealed in January.

Author: eccuni
Date: Mar 14, 2011 - 8:09:10 AM


Printer FriendlyPrinter friendly page

A bug associated with MIME Encapsulation of Aggregate HTML (MHTML) protocol handler in Windows, first identified in January is being exploited by attackers. Internet Explorer (IE) serves as an attack vector and users browsing through any version of the browser are more susceptible to the exploitation of this vulnerability. The vulnerability affects Windows XP and later versions. The vulnerability is related to the process by which Internet Explorer deals with MIME formatted web-pages on Windows.

 

Google has issued an alert that attacks are being launched against Google users using Internet explorer. The company claims that attacks seem to be highly targeted and politically motivated against certain activists. The company has not divulged any information on the identity of the targeted activists. Google has also claimed that account holders of a popular social site (identity not disclosed) have also been targeted by attackers. The company has applied server-side defenses to prevent MHTML attacks. However, the defenses are not foolproof and users may temporarily shift to firefox, chrome or other browsers to guard against exploitation of MHTML vulnerability.

The bug allows offenders to create a fake webpage, entice people to visit the site. When unwary users visit the specially crafted webpage, IE is made to execute malicious java script. The script may spoof content or perform functions that on behalf of a user on a compromised website. Microsoft had earlier released a work around for the bug in the form of "Fix it" wizard. The solution enables users to lockdown MHTML by enabling the button and reversing the lockdown of MHTML by disabling the Fix it button on the wizard. Microsoft is yet to offer a security update for the flaw and may offer a fix during the upcoming monthly security updates.

Online IT courses and video tutorials may be used to create awareness among public on safe computing practices. Internet users must avoid clicking on suspicious links on e-mails, instant messengers (IM) and resist visiting suspicious websites. Users can also disable active scripting.

Attackers constantly find and exploit vulnerabilities in software products. Online IT degree  and e-learning programs may facilitate security professionals in keeping them abreast of latest developments in IT security.

Organizations must adhere to the security updates, patches and advisories. Hiring professionals qualified in IT degree programs  may aid organizations in timely identification and application of appropriate patches.

Contact Press

EC-Council
Website:   http://www.eccouncil.org
Email:  iclass@eccouncil.org
Tel:  505-341-3228

EC-Council University is based in Albuquerque, New Mexico and offers Master of Security Science (MSS) degree to students from various backgrounds such as graduates, IT Professionals, and military students amongst several others. The MSS is offered as a 100% online degree program and allows EC-Council University to reach students from not only the United States, but from all around the world.

EC-Council is a member-based organization that certifies individuals in cybersecurity and e-commerce skills. It is the owner and developer of 16 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and EC-Council Certified Security Analyst (ECSA)/License Penetration Tester (LPT). Its certificate programs are offered in over 60 countries around the world.

EC-Council has trained over 80,000 individuals and certified more than 30,000 members, through more than 450 training partners globally. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. federal government via the Montgomery GI Bill, Department of Defense via DoD 8570.01-M, National Security Agency (NSA) and the Committee on National Security Systems (CNSS). EC-Council also operates the global series of Hacker Halted security conferences.



View all articles by eccuni

Link to this article:

Code to copy: <a href="http://www.dime-co.com/computer-security/Attackers-Target-MHTML-Security-Flaw-in-Windows-by-Using-Internet-Explore.shtml">Attackers Target MHTML Security Flaw in Windows by Using Internet Explorer</a>




Related Articles...

Cybercriminals Target Rabobank with DDoS Attacks

May 3, 2011 - 6:17:36 AM

Recently, Rabobank suffered distributed denial-of-service (DDoS) attack resulting in disruption of Internet banking and mobile banking services. Customers of the bank were not able to login to their online accounts. Rabobank with Headquarters in Utrecht, Netherlands operates in 48 countries across world and specializes in food and agricultural finance. Information security professionals are investigating the attack and are yet to determine the source of attack. The attack follows a similar attack on a Dutch government website, rijksoverheid.nl. The latest attack reportedly hampered operations of the Dutch payment system iDeal, making it difficult for associated banks to process payments.... [Read the full story]

Don't Take Destruction of Data for Granted

Apr 2, 2011 - 11:02:01 AM

The prompt and secure destruction of data and confidential company documents should not be taken for granted. As the amount of data increases in the world, as does the need to securely destroy it to prevent unscrupulous individuals or of groups well organised criminals accessing it for their own illegal needs. However, the skills and techniques that these people use are also ever-developing, and the rightful owners of this data need to try to stay one step ahead with advice from companies that specialise in protecting and destroying your personal data. It can be compared to the virus / anti-virus war, and burglars versus locks, and if you want to look at it in its most basic or original form; predator versus prey in a... [Read the full story]

Mozilla Makes Firefox Version 4.0 Public

Mar 24, 2011 - 8:09:36 AM

... [Read the full story]

Security Researchers Alert Facebook Users on New Scam

Mar 23, 2011 - 8:19:01 AM

... [Read the full story]


Newest Articles in Popular Topics:

Business & Marketing Computers & the Internet Entertainment Health & Fitness
Finding Ways To Save Money And Maximize Revenue In Business
Cooper's Golf Park Tees Off Their New Website
Fiinovation Adjudged CSR Team of the Year & Caring Company at World CSR Day
Reasons Why Kale Realty is the Best Real Estate Firm in All of Chicago
Montreal Tech Startup Kangaroo Rewards Launches Mobile Loyalty Program for Local Merchants
It is time we break out of the SEO Shelter
3 Strong Reasons You Should Start Your Own Blog
Evolve Your Career With CompTIA A+ Certification Exam
High speed VMware Backups - Powered by UltraBlaze(™) from Vembu
Things to Consider When Selecting a Domain Name for Your Website
Fling Boom "Launches" This Holiday Season
Beautiful Abstract Canvas Art is Up for Grabs
Buying Art as a Gift: Tips From an Expert
Complete Guide to the 2014 Gatlinburg Fine Arts Festival Released by Jackson Mountain Homes
Learn Blues Music Online-Alternative to Traditional Piano Lessons
Causes and Treatment of Acne
What Type Of Constipation Home Remedies Are There?
Manual Wheelchairs: Buying One
Instant Facelift with Dental Implants
Lasik Surgery Leading Correction Of Vision Issues

Home & Family

Shopping

Sports

Travel
Enhance Your Learning Experience Through Best Responsive Elearning Development Tools
Best Apps for Learning German
Esvees is Cranbourne's Elite Hair Dressing Company
Ozone Generator
Practical Tips When Choosing Gates and Gate Openers for Your Home or Business
Why Cases are Required for Mobile Phones?
Are Dealership Services Worth It?
2015 Jeep Grand Cherokee Named Must-Shop SUV for Towing from AutoTrader.com
Online Selling With An Appraisal Advantage
Macsome AudioBook Converter released New Version V2.0.4
Aditi Ashok signs off with a double
Softball Coaching: Avoid Becoming A Nattering Nabob of Negativity
Softball Coaching Tips - The Funnel Approach
Pick Up Specialized Advice on Jumping Exercises Which Are Highly Effective
Vertical Jump Training Tactics to Increase Your Athletic Performance
Tips for Choosing the Right Paris Short Lets
Hostels - the best choice for working womens and college students
Perfect holiday? Book a cruise and sail in Croatia!
Say Aloha to Your Best Vacation Ever with Kohala Coast Properties
The Perfect Guide for a Fantastic Family Trip to Kansas City

 



Follow & Share Your Favorite Video Articles

Tell a Friend About This Site



Chamber of Commerce - on the Web logo



Subscribe to the eMarket SmartsTM Newsletter in order to keep up to date with what's happening with dime-co.com, get the emails on new video articles, featured articles, and more. Your privacy is always protected. We never rent, sell or trade your private information

:
:

Service provided by GetResponse Autoresponders


Recommended Associates


Latest Articles in All Categories


Putting Up a Small Commercial Printing Business
So You Might Be Unemployed And Desire To Become A San Francisco Real Estate Investor Now
Meditation and Mindfulness: Dealing With Emotion
CPA Websites: Five Essential Ideas for Composing Convincing Articles
Set Goals In Order to Come Up With Your Action Plan
Is the Air in Your Home Safe to Breathe?
Coarse Fishing Tackle Review: The JW Young 13ft Trotter Rod
Section 1031 Exchanges For San Diego Real Estate Investors
Phoenix Real Estate Investing For Highest Possible Earnings
Legendary are the Volk Racing TE37 Wheels
Developing the Next Generation Wall Station (ChaseDesk™) for Healthcare - A Case Study
What are step down transformers?
Introducing Sharehype, the Revolutionary Tool for Online Marketers
Rewards To Shopping For Austin Real Estate On The Web
Hydroponics for Beginners



Do you write?

Would you like submit your articles and have them approved on a priority status? Find out more about how you can become a Priority author for pennies a day! Click here.

Dime-co.com Home
  • Business (9328)
  • Computers & The Internet (5740)
  • Entertainment (1348)
  • Family (958)
  • Finance (1963)
  • Health (4246)
  • Home and Living (6670)
  • Marketing (6113)
  • Shopping & Product Reviews (2624)
  • Sports (694)
  • Travel and Vacations (1689)
  • Video Articles (1)
  • Editors Pick (1)