Microsoft: Every Current Version of Windows Has a Gaping Hole in It

Software giant Microsoft said today that it’s looking into a new vulnerability that affects every version of Windows currently supported. This is one of those zero-day vulnerabilities that come out of left field once in awhile and can be used by hackers to create troublemaking attacks.

According to a post on Microsoft’s corporate security blog, the vulnerability resides in something called MIME HTML or MHTML, which allows certain Web content to be rendered in a browser or other applications, such as an email program. As with so many other vulnerabilities that have come before it, an attacker sends you an HTML link to trigger a script in Internet Explorer that could do bad things, like collect user information.

The easiest fix? Use Firefox or Google’s Chrome browser, which are unaffected. But for those devoted to IE, Redmond is suggesting that people turn off the ability to handle MHTML until a fix is ready. How to do that? There’s a helpful FixIt button, in yet another blog post on the subject, that downloads the software needed to enable the temporary measure.

The vulnerability was first disclosed on a Chinese Web site last week. So far, there’s no evidence that anyone has gone to the trouble of carrying out an attack using this method, but hey, with zero-day vulnerabilities, you never know.