Wednesday, February 9, 2011

MA-265.012011 : MyCERT Alert - Critical Vulnerability in Microsoft Windows (Alert, Merbahaya, Dangeres)

A critical vulnerability (CVE-2011-0096) has been identified in the MHTML (MIME Encapsulation of Aggregate HTML). The vulnerability, if successfully exploited will cause the application to execution of arbitrary attacker-supplied script code in the context of Internet Explorer. This may allow the attacker to obtain sensitive information, spoof content, or perform arbitrary actions on a targeted website in the context of the victim. [1]

The vulnerability exists because of an error in the way MHTML (MIME Encapsulation of Aggregate HTML) interprets MIME-formatted requests for content blocks within a document, which could allow attackers to inject a client-side script in the response of a web request run in the context of Internet Explorer by tricking a user into following a specially crafted "MHTML:" link. [2]

2.0 Impact

An attacker who successfully exploits this vulnerability will be able to execution of arbitrary attacker-supplied script code in the context of Internet Explorer. This may allow the attacker to obtain sensitive information, spoof content, or perform arbitrary actions on a targeted website in the context of the victim. [3]

3.0 Affected Products

The detail list of the vulnerable products and versions are as below:

  • Windows XP Service Pack 3
  • Windows XP Professional x64 Edition Service Pack 2
  • Windows Server 2003 Service Pack 2
  • Windows Server 2003 x64 Edition Service Pack 2
  • Windows Server 2003 with SP2 for Itanium-based Systems
  • Windows Vista Service Pack 1 and Windows Vista Service Pack 2
  • Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2
  • Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2
  • Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2
  • Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2
  • Windows 7 for 32-bit Systems
  • Windows 7 for x64-based Systems
  • Windows Server 2008 R2 for x64-based Systems
  • Windows Server 2008 R2 for Itanium-based Systems


However, Server Core installation for Windows Server 2008 are not affected


4.0 Recommendations

4.1 Enable the MHTML protocol lockdown

Users are recommended to use the fixit solution provided by Microsoft. The FixIt is available here:

http://support.microsoft.com/kb/2501696


However, if users want to apply it manually, you can refer to the following article:

http://www.microsoft.com/technet/security/advisory/2501696.mspx#EIH



MyCERT would like to advise the users of Microsoft Windows to be vigilant of the latest security announcements by Microsoft and ensure that their operating systems are automatically updated. The article on how to enable the auto update feature in Microsoft is available at the following URL:

http://www.mycert.org.my/en/resources/os/main/main/detail/707/index.html

Users may also consider using a vulnerability management tool such as Secunia to ensure that all applications are updated:

http://secunia.com/vulnerability_scanning/personal/

Related Posts

MA-265.012011 : MyCERT Alert - Critical Vulnerability in Microsoft Windows (Alert, Merbahaya, Dangeres)
4/ 5
Oleh

Subscribe via email

Like the post above? Please subscribe to the latest posts directly via email.

1 comments:

Tulis comments
avatar
February 10, 2011 at 6:05 PM

org kata nnt nak kua windows8 pulak.. xsabar nak tunggu nih.. hahaha...

Reply