There is a new vulnerability that affects all supported versions of Windows and some unsupported versions. For you techies the “Vulnerability in MHTML Could Allow Information Disclosure” advisory is at https://www.microsoft.com/technet/security/advisory/2501696.mspx. If you are not a techie you might want to take a look and see how much you can understand. By reading the security bulletins and asking questions you will find that over time you learn more and more about computers and security.
For the non-techies there is a problem where a specially crafted web page might be able to get information from you. Although Microsoft has seen no evidence of the exploitation of the vulnerability they do advise taking some action to protect yourself until a patch is available. The security advisory contains information about what registry settings need to be changed, but there is also a “fix it for me” tool that you can get at http://support.microsoft.com/kb/2501696.
Microsoft does advise that a side effect may be a lot of pop-up warnings on some sites. One way to decrease the pop-up warnings is to add trusted sites, like your bank, to the trusted zone in Internet Explorer. You might want to try the fix. If the fix becomes too annoying the same place you get the “fix it” tool has another tool to undo the change.
The side effects only talk about Internet Explorer, so I am not certain if there is any benefit to installing the mitigation if you exclusively use a different browser… in this specific case. This is not to say that you shouldn’t use Internet Explorer as all browsers have vulnerabilities from time to time. Personally I use Firefox most of the time because of the add-ons. Sometimes those security add-ons make things difficult with some sites, so I also use Internet Explorer, Chrome, and occasionally Safari.
Randy Abrams
Director of Technical Education
Cyber Threat Analysis Center –ESET LLC