Itchmo Forums for Cats & Dogs Brought to you by Itchmo: Essential news, humor and info for cats, dogs and pet owners.
August 23, 2019, 03:11:49 AM *
Welcome, Guest. Please login or register.

Login with username, password and session length
News:
 
   Home   Help Search Login Register  

Go To Itchmo.com: Read the latest cat, dog and pet news, pet food recall info, product reviews and more — updated daily.


Pages: [1]
  Print  
Author Topic: Microsoft IE MHTML Flaw  (Read 5323 times)
0 Members and 1 Guest are viewing this topic.
menusux
Hero Member
*****
Posts: 4456



« on: March 13, 2011, 02:13:03 PM »

http://www.pcmag.com/article2/0,2817,2381881,00.asp

PC Magazine March 13, 2011

Report: Internet Explorer Used to Exploit Windows MHTML Vulnerability

"A vulnerability in the way Internet Explorer parses MHTML content—a method for combining multiple file types and HTML content into a single file—is now targeting users as part of a "drive-by" browser attack.

"According to Qualys' Wolfgang Kandek, the attack only works against those running Internet Explorer—and Microsoft has verified that statement by noting that the attack actually works due to a specific Windows vulnerability, making one's version of Internet Explorer irrelevant as part of a fix. However, a quick fix beyond the downloadable "Fix It" pack is to switch over to an alternate browser for the time being—Chrome or Firefox to name a few."

http://support.microsoft.com/kb/2501696#FixItForMe

Microsoft Fix-It

To fix the issue, click enable lockdown MHTML
Logged
JJ
Hero Member
*****
Posts: 8531


« Reply #1 on: March 14, 2011, 09:23:17 PM »

Went to the link and sounds like if you visit certain sites your computer is vulnerable? Also that WinXP and newer are most at risk but that any version of IE is at risk - what...? If you don't visit these sites (only no one says what sites they are talking about) you won't be exposed to this flaw............needs to clearly be spelled out better for those who are not very computer savvy.
Logged

May your troubles be less,
Your blessings be more,
And nothing but happiness
Come through your door
Mandycat
Hero Member
*****
Posts: 5606


« Reply #2 on: March 14, 2011, 09:42:10 PM »

JJ,
I also checked this out and I am not going to do anything. It appeared to me that if you visit a certain site and click on some link you are asked to click on and/or you click on a link in an e-mail, this would be a problem.  I don't totally understand it either, but it just didn't seem like I would likely have the problem since I never click on anything strange or even open suspicious e-mails. If someone has a better explanation of this, please chime in.  Also, the original notice was in January, so maybe if I haven't had a problem yet, I won't.   Undecided
Logged
menusux
Hero Member
*****
Posts: 4456



« Reply #3 on: March 15, 2011, 11:13:33 AM »

Where you can have issues many times is not with the website itself but with the ads which are part of it.  Had two experiences recently.  The most recent one was going to a website and having some ad that was part of it forcibly "direct" me to an apparent scam/possible drive by website that pretended to be an anti-virus survey.  It tried to keep me from closing the browser window without involving Task Manager.  Needed Task Manager to shut it down.

The next one was a web page I had visited more than once without any issues.  When I needed to return to it to check something, my A/V went off; it had blocked the download of a Trojan.  The only thing that was different about the page were the ads on it-they had changed.
Logged
catbird
Administrator
Hero Member
*****
Posts: 9410


Never underestimate the power of crazy cat ladies!


WWW
« Reply #4 on: March 15, 2011, 04:00:53 PM »

I have a lot of email accounts, and recently, my work computer running IE has closed IE automatically when I try to open a Yahoo email.  This has happened intermittently for the past couple of months.  I have no problems when at home and using a Mac and no viruses or malware are detected on the Mac.  But I'm not running IE at home.
Logged

The problem with cats is that they get the exact same look on their face whether they see a moth or an axe-murderer--Paula Poundstone
JJ
Hero Member
*****
Posts: 8531


« Reply #5 on: March 15, 2011, 04:09:13 PM »

Where you can have issues many times is not with the website itself but with the ads which are part of it.  Had two experiences recently.  The most recent one was going to a website and having some ad that was part of it forcibly "direct" me to an apparent scam/possible drive by website that pretended to be an anti-virus survey.  It tried to keep me from closing the browser window without involving Task Manager.  Needed Task Manager to shut it down.

The next one was a web page I had visited more than once without any issues.  When I needed to return to it to check something, my A/V went off; it had blocked the download of a Trojan.  The only thing that was different about the page were the ads on it-they had changed.
Would adblock work to protect the computer even further then?

ETA: Now the arrival of IE9 - will that be affected by the same HTML flaw as other versions.............
Logged

May your troubles be less,
Your blessings be more,
And nothing but happiness
Come through your door
karvskitties
Long-Standing Member
Hero Member
****
Posts: 993

Speak for Me... I like life.


« Reply #6 on: March 24, 2011, 07:24:17 AM »

Would adblock work to protect the computer even further then?

ETA: Now the arrival of IE9 - will that be affected by the same HTML flaw as other versions.............

This was discussed in the Amazon Forums - Amazon Ads were also producing some very nasty trojans involving new false AV programs (and, they are getting better at not letting you shut them down - regardless of task manager).

No, Adblock does not work (the user with the Trojan had Firefox with Adblock).

You need firefox with AdblockPlus (an Add On), and Noscript (another Add on).

These were all recommended, and even my AV forum recommends them.

Right now, I am posting here with Google Analytics not allowed (hint, hint).

I just don't use IE.  Neither do a lot of folks.  Not with Chrome, Opera and Firefox (not typically targeted by trojans - but Firefox is building steam  Angry ).  And Safari is obviously safe (I think).
Logged

Jimmy Kitty, Siberia, and Baby Girl

Proud Mom of 3 Kitties (and many, many more over the Rainbow).
Pages: [1]
  Print  
 
Jump to:  

Copyright 2007 Itchmo.com: Read the latest cat, dog and pet news, pet food recall info, product reviews and more — updated daily.
Powered by SMF 1.1.21 | SMF © 2015, Simple Machines | Sitemap