Just a quick follow up on the Microsoft Security Advisory (2501696) post that my colleague Randy Abrams wrote about on January 28th regarding Microsoft's recent MHTML vulnerability, which is listed by ESET as HTML/Exploit.CVE-2011-0096.A in our signature database.
 
Although reports remain low so far, any vulnerability in a particular version of Microsoft Windows is likely to be exploited quickly by criminals seeking to make money before patches become widely deployed. Given that this vulnerability is present in not just one but all currently-supported versions of Microsoft Windows it seems likely we will receive more reports of HTML/Exploit.CVE-2011-0096.A in the future.
 
In Microsoft's own Microsoft Security Advisory (2501696): Vulnerability in MHTML Could Allow Information Disclosure advisory, Microsoft provides three suggested actions, including a Microsoft Fix it you can run on your computer. If you are unfamiliar with these, Microsoft Fix its are a new type of troubleshooting program created by Microsoft for diagnosing and solving various types of computer problems. In this case, the Fix it automatically changes the registry settings needed to lock down the MHTML protocol.
 
So far, we have not seen any problems after applying the Fix it, so I would like to suggest that even if you do not use Microsoft Internet Explorer as your default browser that you run the Fix it or apply the registry changes manually.
 
For more information about the MHTML vulnerability, see the following:
 
 
As previously stated, exploitation of this vulnerability remains quite low; however, we have also seen countless examples in the past where vulnerabilities in a popular operating system or application have been exploited on a massive scale. The best time to protect yourself against such threats is before they become a problem.

Aryeh Goretsky, MVP, ZCSE
Distinguished Researcher