IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Microsoft warns of Windows zero-day

The Windows flaw could allow hackers to gain user data, but nothing in the wild has been seen yet.

Threat

Microsoft has warned of a Windows zero-day vulnerability, affecting all versions of the operating system.

The Redmond giant said it had seen a proof-of-concept attempting to exploit the vulnerability, which could conceivably harm Internet Explorer users on Windows.

Nothing has been seen yet in the wild.

The flaw resides in the MIME Encapsulation of Aggregate HTML protocol handler, used by applications to render certain kinds of documents.

"An attacker could construct an HTML link designed to trigger a malicious script and somehow convince the targeted user to click it," Angela Gunn, from Microsoft's Trustworthy Computing division, hypothesised in a blog post.

"When the user clicked that link, the malicious script would run on the user's computer for the rest of the current Internet Explorer session. Such a script might collect user information (e.g. email), spoof content displayed in the browser, or otherwise interfere with the user's experience."

A patch has not yet been offered but Microsoft has issued a workaround in its advisory for administrators to ensure nothing goes awry.

"The workaround we are recommending customers apply locks down the MHTML protocol and effectively addresses the issue on the client system where it exists," Gunn added.

"We are providing a Microsoft Fix-it package to further automate installation."

Microsoft did not confirm when a patch would be released, but said it was working on an update to address the vulnerability.

Just earlier this month, Microsoft warned about yet another zero-day flaw affecting Windows.

The vulnerability, affecting the Windows Graphics Rendering Engine, could have allowed malware to be installed on a computer if users viewed a malicious image in a browser or document.

Featured Resources

The state of Salesforce: Future of business

Three articles that look forward into the changing state of Salesforce and the future of business

Free Download

The mighty struggle to migrate SAP to the cloud may be over

A simplified and unified approach to delivering Enterprise Transformation in the cloud

Free Download

The business value of the transformative mainframe

Modernising on the mainframe

Free Download

The Total Economic Impact™ Of IBM FlashSystem

Cost savings and business benefits enabled by FlashSystem

Free Download

Recommended

16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

13 May 2022
Kaspersky exposes MysterySnail zero-day exploit in Windows
zero-day exploit

Kaspersky exposes MysterySnail zero-day exploit in Windows

13 Oct 2021
How to virtualise Windows 7 inside Windows 10
Microsoft Windows

How to virtualise Windows 7 inside Windows 10

9 Sep 2021

Most Popular

How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

29 Jul 2022
Samsung proposes 11 Texas semiconductor plants worth $191 billion
Hardware

Samsung proposes 11 Texas semiconductor plants worth $191 billion

21 Jul 2022
Should you take your password manager off the internet?
Sponsored

Should you take your password manager off the internet?

28 Jul 2022