Via Gregg Keizer, Computerworld
Microsoft today warned Windows users of a new unpatched vulnerability that attackers could exploit to steal information and dupe people into installing malware.
In a security advisory issued Friday, Microsoft acknowledged that a bug in Windows' MHTML (MIME HTML) protocol handler can be used by attackers to run malicious scripts within Internet Explorer (IE).
(Full Article) Windows Flaw Allows IE Hack
Microsoft Security Advisory (2501696)
Vulnerability in MHTML Could Allow Information Disclosure
Microsoft recommends that users lock down the MHTML protocol handler by running a "Fixit" tool it's made available. The tool automates the process of editing the Windows registry, which, if done carelessly, could cripple a PC, and lets IE users continue to run MHTML files that include scripting by clicking through a warning.
The Fixit tool can be accessed from here:
Microsoft Security Advisory: Vulnerability in MHTML could allow information disclosure