IE Hole Explored -- Redmondmag.com

Barney's Blog

IE Hole Explored

Hopefully you learn something new everyday. Today I learned what MHTML is: It is a protocol handler that stands for MIME Encapsulation of Aggregate HTML (who thinks of this stuff?).

So why does MHTML matter? Because hackers can use it to crack IE in a similar fashion as a server-side cross-site-scripting vulnerability.

The attack vector points to a seemingly innocent (but ultimately malicious) link. Click on the puppy and your Windows machine could be running bad code in no time.

Experts are generally unconcerned, thinking this kind of attack is too complicated for the garden variety (read dense) hacker. Nonetheless, Microsoft is checking it out and already has a workaround -- simply block MHTML scripting. Hey, I could have thought of that!

Posted by Doug Barney on 01/31/2011 at 1:18 PM

Featured

Cisco Warns of Brute Force Attacks Targeting VPNs and Firewalls

Cisco has revealed that a global increase in brute force attacks targeting Virtual Private Networks (VPNs) and other devices is currently taking place.
What's Inside Microsoft 365's Security Toolbox?

Microsoft provides plenty of native tools to secure Microsoft 365. IT pros just have to know where to look.
Microsoft Kills 30-Day Data Retention Policy for Copilot in Fabric

Microsoft this week announced several usability improvements coming to Copilot in Fabric in preparation of its general availability release later this year.
Using Microsoft Office to Build a Network Diagram 2

Now that we've set up our process, let's dig in with the actual execution.
Microsoft Graph 'Activity Logs' Feature Goes Live

Microsoft announced the general availability of the "activity logs" capability in Microsoft Graph, giving administrators more options to track user activity and identify patterns of potential misuse.