The Hacker News Logo
Subscribe to Newsletter

Zero day vulnerability begin in Windows MHTML renderer !

Microsoft has aloof appear aegis advising 2501696 acknowledging a fresh aught day blemish in all accepted versions of Windows (except Server Core). The blemish appears to acquiesce maliciously crafted web pages to assassinate cipher in any "zone" behindhand of which area is specified.

Any applications that use Microsoft's HTML renderer can be attacked including Internet Explorer, but applications that consistently accessible web agreeable in the "Restricted zone" are not afflicted including Outlook, Outlook Express, and Windows Mail.

There is affidavit of abstraction cipher in the agrarian and it seems to be alone a amount of time afore we see abyss aggravating to accomplishment this flaw. For individuals, or bodies who alone administer a baby cardinal of computers, Microsoft has provided a Fix it apparatus that allows to to administer their recommended settings after accepting to use GPOs or accepting to manually adapt anthology keys.

The SANS Internet Storm Center has acquaint a blog on this as well, acquainted all the accepted locations for admonition on this vulnerability.

Microsoft has provided acknowledgment admonition and I awful acclaim you accede deploying the acknowledgment settings application Group Policy Objects (GPOs) as anon as possible. It will acceptable be some time afore Microsoft is able to absolution a application for this vulnerability and this is one of the cases area it is acceptable account the accomplishment to apparatus the mitigations.

Have something to say about this article? Comment below or share it with us on Facebook, Twitter or our LinkedIn Group.
SHARE
Comments
Latest Stories
Best Deals

Newsletter — Subscribe for Free

Join over 500,000 information security professionals — Get the best of our cyber security coverage delivered to your inbox every morning.