Skip to main content

Microsoft Warns of Windows Script Injection Hole (MHTML Script Injection Vulnerability)

Microsoft on Friday released a security advisory for a publicly-disclosed vulnerability in all versions of Windows. Microsoft Security Advisory #2501696 describes a bug in the MHTML handler in Windows which could lead to information disclosure.

MHTML (MIME Encapsulation of Aggregate HTML) is a web page archive format used to combine resources that are typically represented by external links (such as images, Flash animations, Java applets, audio files) together with HTML code into a single file. The content of an MHTML file is encoded as if it were an HTML e-mail message, using the MIME type multipart/related. The vulnerability is similar to a cross-site scripting bug on a web page, in which HTML and script from another site is executed in the web page context. In this case, script could be executed in the client-side context.

Microsoft has provided a temporary workaround "Fix it" link to disable the MHTML protocol handler. For more information on the How-To and implications of applying the fix, read more here.

To fix it right away, click the following icon (link points to Microsoft):
"Fix it" link to disable the MHTML protocol handler

Popular Posts

Ho Ching named 5th most powerful and is mistaken as first lady by Forbes

Forbes named Singapore Prime Minister wife and CEO of Temasek Holdings, Ho Ching, as the 5th most powerful woman in the world. Ho Ching is mistaken as Singapore's first lady! OMG!

I wonder how can Forbes makes such a blunder. For a complete list, refer to here.

How to stop FortiClient from starting automatically?

Installed FortiClient recently but the challenge in disabling the application/service from running automatically on every start-up annoyed me. Attempt to stop 'FortiClient Service Scheduler' only return 'Parameter is incorrect' error message.

An article on Technet help solve my trouble. To stop FortiClient from starting automatically, try the following:
Shut down FortiClient from the system tray.
Run net stop fortishield on command prompt.
Run msconfig.
On msconfig, switch to the Services tab. Clear the FortiClient Service Scheduler check box and click Apply.Run services.msc on command prompt to open up show all available services.Look for FortiClient Service Scheduler. Switch Startup type to Manual.Restart your computer. FortiClient should not be running automatically the next time round. Hope it helps.
QET next week

My friend admitting to NTU this month had had their QET few days back and from them, their QET's format was straightforward and questions to me was simple. 2 close passages with some blanks for students to fill in and a 300 words essay to be written from many topics to choose from. Topics available to choose from are like "Why do you choose NTU?", "Describe one major recent event just happened in your country", "What do you want to do in the future?", etc. Very simple to write essay with 300 words limit. But then for NUS, it is a very different story. 1 close passage with many grammatical phrases underlined for you to edit and a 500 words essay to write. Before writing the essay, there will have 3 pre-reading topics for students to ponder and then a lengthy topic related article to read from. There is only ONE essay TOPIC to write on and it can be like "how your country's goverment can help reserve the originality of tourist spot…