MS Releases Lock-Down Fix for Critical MHTML Bug

Dennis Faas's picture

Hackers are actively exploiting a bug that involves both Windows and Internet Explorer. Google believes the hackers may be targeting specific users.

The bug involves MHTML, which is a special format designed to combine all the different files of a web page, such as the coding for the text and layout, the image files and video files, into a single file. It was originally developed as a way for a user to save an entire webpage to their desktop without winding up with a messy collection of files, but can also be used as a web link.

The vulnerability involves the way that Internet Explorer and Windows interact in using the MHTML system. The gist of the issue is that a malicious link could not only cause the computer to load the relevant files, but also to run a script. In other words, the MHTML bug can carry out a sequence of actions determined by an attacker.
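As an added illustration (not part of the original article and not Microsoft's tooling), the following Python example shows what an MHTML file looks like to a defender. MHTML is a MIME multipart/related container, so the standard email parser can list each bundled resource and flag markup parts that carry script. The sample archive, the example.test URLs and the function name inspect_mhtml are constructed for this example.

```python
import re
from email import message_from_bytes
from email.policy import default

# Constructed sample: a minimal MHTML archive holding one HTML part
# (with a script block) and one image part. Not taken from any real attack.
SAMPLE_MHTML = (
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: multipart/related; boundary="----=_Example"; type="text/html"\r\n'
    b"\r\n"
    b"------=_Example\r\n"
    b"Content-Type: text/html; charset=utf-8\r\n"
    b"Content-Transfer-Encoding: quoted-printable\r\n"
    b"Content-Location: http://example.test/page.html\r\n"
    b"\r\n"
    b"<html><body><img src=3D\"logo.png\">"
    b"<script>document.title=3D'x'</script></body></html>\r\n"
    b"------=_Example\r\n"
    b"Content-Type: image/png\r\n"
    b"Content-Transfer-Encoding: base64\r\n"
    b"Content-Location: http://example.test/logo.png\r\n"
    b"\r\n"
    b"iVBORw0KGgo=\r\n"
    b"------=_Example--\r\n"
)

# Markers of active content: script tags, inline event handlers, javascript: URLs.
ACTIVE = re.compile(rb"<script\b|\bon\w+\s*=|javascript:", re.I)
MARKUP_TYPES = ("text/html", "application/xhtml+xml", "image/svg+xml")

def inspect_mhtml(raw: bytes):
    """Return one record per bundled resource, flagging markup that contains script."""
    msg = message_from_bytes(raw, policy=default)
    report = []
    for part in msg.walk():
        if part.is_multipart():          # skip the container itself
            continue
        # decode=True undoes base64 / quoted-printable transfer encoding
        body = part.get_payload(decode=True) or b""
        ctype = part.get_content_type()
        report.append({
            "location": str(part.get("Content-Location", "")),
            "type": ctype,
            "size": len(body),
            "active_content": bool(ctype in MARKUP_TYPES and ACTIVE.search(body)),
        })
    return report

if __name__ == "__main__":
    for rec in inspect_mhtml(SAMPLE_MHTML):
        print(rec)
```

Decoding each part before scanning matters here: in the encoded archive the script's contents are obscured by quoted-printable escapes such as `=3D`, and a base64-encoded part shows no readable markup at all.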

Serious MHTML Attacks Already Underway

Microsoft first announced the problem in January, but at that time it appeared the method would be too complicated for any attackers to take advantage of.

That has now proven not to be the case. Hackers are now known to be using the loophole for three different types of attack: interfering with web browsing; making bogus information appear as if it were on a legitimate website (such as messages designed to trick the user into downloading and installing malware); and collecting information from a user's computer.

Google says it has found evidence hackers are using the MHTML flaw to go after some of its online customers, calling the attacks "highly targeted and apparently politically motivated." It's tweaking its systems to make it harder to exploit the problem, but says this solution is neither 100% reliable nor sustainable.

Temporary MHTML 'Fix It' Available Now

Microsoft has issued a temporary "Fix it" tool that offers greater protection without the need to manually change computer settings. Both the bug itself and the "Fix it" tool apply to all versions of Windows and Internet Explorer.

The "Fix it" tool is only a stopgap measure and it now seems likely Microsoft will offer a full patch as soon as a permanent solution is found -- a task that will have become a much higher priority with the new attacks.

The "Fix it" tool to lock down MHTML is available here.
