Zero day Vulnerability found in Microsft's Windows MHTML renderer

Microsoft has just released security advisory 2501696 ,after acknowledging a new zero day vulnerability in all current versions of Windows except Server Core. The vulnerability appears to allow maliciously infected web pages to execute code in any "zone" regardless of which zone is specified.

Applications which uses Microsoft's HTML renderer can be attacked including Internet Explorer, but applications that always open web content in the "Restricted zone" are not affected including Outlook, Outlook Express, and Windows Mail.

There is always a POC (proof of concept) going on in the wild to look into the loop holes of Microsoft Application as well operating system.
So its a matter of time when the news spread to the Malware writers and hackers to take advantage of this MS Zero day vulnerability.


Microsoft has provided a Fix it tool that allows you to apply their recommended settings without doing any manual work over the group policies as well as over registry.

P.S : Friends spread this message to your friends.

Comments

Category: , , , ,