Barney's Blog

Blog archive

IE Hole Explored

Hopefully you learn something new everyday. Today I learned what MHTML is: It is a protocol handler that stands for MIME Encapsulation of Aggregate HTML (who thinks of this stuff?).

So why does MHTML matter? Because hackers can use it to crack IE in a similar fashion as a server-side cross-site-scripting vulnerability.

The attack vector points to a seemingly innocent (but ultimately malicious) link. Click on the puppy and your Windows machine could be running bad code in no time.

Experts are generally unconcerned, thinking this kind of attack is too complicated for the garden variety (read dense) hacker. Nonetheless, Microsoft is checking it out and already has a workaround -- simply block MHTML scripting. Hey, I could have thought of that!

Posted by Doug Barney on 01/31/2011 at 1:18 PM


  • Windows Admin Center vs. Hyper-V Manager: What's Better for Managing VMs?

    Microsoft's preferred interface for Windows Server is Windows Admin Center, but can it really replace Hyper-V Manager for managing virtual machines? Brien compares the two management tools.

  • Microsoft Offers More Help on Windows Server 2008 Upgrades

    Microsoft this week published additional help resources for organizations stuck on Windows Server 2008, which fell out of support on Jan. 14.

  • Microsoft Ups Its Carbon Reduction Goals

    Microsoft on Thursday announced a corporatewide carbon reduction effort that aims to make the company "carbon negative" by 2030.

  • How To Dynamically Lock Down an Unattended Windows 10 PC

    One of the biggest security risks in any organization happens when a user walks away from their PC without logging out. Microsoft has the solution (and it's not a password-protected screensaver).

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.