Ramblings of an old Doc
MHTML Vulnerability
Published on January 30, 2011 By DrJBHL In Personal Computing

Windows (ALL current editions) is vulnerable to a hack through its MIME HTML (MHTML) handling protocol. This vulnerability would allow malicious code to be run through Internet Explorer and through Opera. This is a variant of XSS (Cross Site Scripting).

Firefox requires an add-on to read and write MHTML files. In its default configuration it is not vulnerable; Safari and Chrome are not either.

Microsoft recommended that users lock down the MHTML protocol handler by running a "Fixit" tool it has made available. This is not a patch; a patch will require more time to develop because this is a Windows vulnerability, not an IE one.

The Fixit tool can be accessed from Microsoft's support site, which also has the undo tool for when the real fix comes. The Fixit edits the registry and automatically makes a restore point before installing.

The current list of vulnerabilities not fixed by MS can be found HERE.

The CSS flaw I reported on in December can be addressed with a workaround you can find HERE. The uninstall for it can be found HERE.


Comments (Page 1)
on Jan 30, 2011

Would it be a good idea to go for it even if Firefox is not the open door?

on Jan 30, 2011

The CSS 'shim' (last sentence OP) yes. If you can read Gmail in your Firefox, then I'd install the others as well. Also, if you have the unMHT extension, install the others in the OP (unMHT: https://addons.mozilla.org/en-US/firefox/tag/MHTML)

on Jan 30, 2011

Thanks Doc!!!

on Jan 30, 2011

Then that's what I'm gonna do. One other question Doc. I created a user account for everyday use, not an administrator one, but mistakenly gave it admin status. How can I change that? There doesn't seem to be a way. OT I know but I'm trying to close back doors.

on Jan 30, 2011

Harley, You're welcome.

Uvah:

Click start and type secpol.msc

This will open up the W7 Security Policy Editor. Now browse to Security Settings, Local Policy, Security Options.

At the top double click for both the administrator and guest account, choose enabled. Close all windows and restart Windows 7.

You are now able to login to 7 as administrator or guest. A good option is to rename those accounts to make it harder for hackers/friends you don't trust to find your precious login.

After enabling these accounts you should set a password as well. Click start, then type in cmd, then type net user administrator "password" (without the quotes, of course). You can do the same with the guest account or any other accounts. For more info on net user, type net user /? or net /?

on Jan 30, 2011

Typed it and got this..... no items match. Did it twice and got the same thing.

on Jan 30, 2011

Don't know why, Uvah unless you aren't logged on as the Admin.

on Jan 30, 2011

I am believe it or not. Under my nic as Administrator, password protected. I logged off then logged back on. Even changing it back to my name makes no difference.

on Jan 30, 2011

Only you, Uvah. Suggestion?

PM yrag. We need some entertainment. 

on Jan 30, 2011

I don't think so.

on Jan 30, 2011

I don't think so.

No balls, no golf.

secpol.msc

You don't have it.

 

Control Panel\All Control Panel Items\User Accounts - Change account type

on Jan 30, 2011

Thought he had W7 Pro, yrag.

on Jan 30, 2011

I posted in another thread I have home premium. I did change account types in control panel. That I know how to do. It's just that I wanted to change the second user account type and remove admin rights from it. No sense having two of them. I'm getting drawn into this anyway. Okay ...... tell me where I screwed up.

on Jan 30, 2011

I posted in another thread I have home premium.

Shame on you Doc for not taking notes.....

 

Control Panel\All Control Panel Items\User Accounts

Post a snapshot of that panel.

on Jan 30, 2011

 

EDIT:

Never mind that post......lol.......didn't READ that he doesn't have Win7 pro. Doh!

 
