Microsoft has warned all windows users about a publicly disclosed scripting vulnerability in MHTML protocol handler. This is a MIME Encapsulation of Aggregated HTML termed as MHTML which is used by applications to render certain kinds of documents.
The vulnerability affects all users on Windows XP and later. The vulnerability could be exploited through any version of IE. An attacker could construct a webpage with malicious script that can exploit this vulnerability through IE and convince the targeted users to visit the page. When user clicks on the link and visits the malicious page the malicious script will be executed on users computer in the current IE session. Cyber criminals can use this newly found vulnerability to steal sensitive user information.
Microsoft has recommended a workaround which is a kind of FixIt tool that locks down the MHTML protocol. For more details on the vulnerability, who are affected and how to apply the work around please visit Microsoft blog post at below link:
We recommend all Quick Heal users to read the above blog post and apply the workaround which will help protect the systems till Microsoft comes out with update.