Ramblings of an old Doc
MHTML Vulberability
Published on January 30, 2011 By DrJBHL In Personal Computing

Windows (ALL current editions) is vulnerable to a hack through it’s MIME HTML handling protocol. This vulnerability would allow malicious code to be run through Internet Explorer and through Opera. This is a variant of XSS (Cross Site Scripting).

Firefox requires an add-on to read and write MHTML files. In it’s default configuration it is not vulnerable, Safari and Chrome are not either.

Microsoft recommended that users lock down the MHTML protocol handler by running a "Fixit" tool it's made available. This is not a patch. That will require more time to develop because this is a Windows vulnerability, not an iE one.

The Fixit tool can be accessed from Microsoft's support site . It has the undo tool there as well for when the real fix comes. This edits the registry and automatically makes a restore point before installing.

The current list of vulnerabilities not fixed by MS can be found HERE.

The CSS flaw I reported on in December can be addressed with a work around you can find HERE. The uninstall for it can be found HERE.


Comments (Page 2)
2 Pages1 2 
on Jan 30, 2011

It has the undo tool there as well for when the real fix comes.

Crap.  Hope I get that part right.  Have visions of doing the final patch without undoing the temporary one.

on Jan 30, 2011

 

Uvah,

If you don't have at least one account as an "administrator" it won't let you take admin rights away from another.  My question is........are you sure that there is at least one admin user in the list?

on Jan 30, 2011

Okay. Next.

 

on Jan 30, 2011

I strongly urge a backup.



Control Panel\All Control Panel Items\User Accounts\Manage Accounts\Create New Account

Create a second Admin account (no password). Hit 'Create account'

Click on the new account and enter a different password twice.(ignore the warning).

DO NOT CLOSE DIALOG BOX

Click on original Admin account and change to 'Standard'

Close. Log off/log on to new account

on Jan 30, 2011

Uvah: Here's some backup software for you:  https://forums.wincustomize.com/404683

 

on Jan 30, 2011

First things first. All done. Problem solved. One admin, one standard and it didn't even hurt. Thank you yrag.

@Doc .... got it.

on Jan 30, 2011

Good news! Gary, Thanks for your help.

on Jan 30, 2011

What I didn't expect was to have to rebuild my 'desktop' from scratch. Going back after all the .exe's and stuff. Tons-a-fun. lol

on Jan 31, 2011

I hate workarounds - not for me.  They are usually simple - but have you tried talking your aunt Mabel through them>?????

Thanks for the tip.  I hope MS gets a patch quickly.

on Jan 31, 2011

This is a good place to post this. Just now I got a message about an update for firefox called Update Browser. As the author was verified I allowed it to install then I checked out the url http://www.nu-browser.com and got a 404 in return. I quickly uninstalled it. It may or not be genuine but I wasn't going to take the chance.

2 Pages1 2