Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: SA43093 - impacts of workaround by vendor

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
All Threads

This thread has been marked as locked.
aaaaaaaaaaaaaaaaa SA43093 - impacts of workaround by vendor
Member 29th Jan, 2011 16:27
Ranking: -5
Posts: 41
User Since: 15th Dec, 2008
System Score: 100%
Location: N/A

The vendor is proposing following measures of mitigation:
"Enable the MHTML protocol lockdown"
with following impact of workaround
"The MHTML protocol will be restricted to prevent the launch of script in all zones within an MHTML document. Any application that uses MHTML will be affected by this workaround. Script in standard HTML files is not affected by this workaround."

What does it practically mean for end-users?
They don't want to detail with technical details of underlying implementation.
All they need is information about functional restrictions.

Maurice Joyce RE: SA43093 - impacts of workaround by vendor
Handling Contributor 29th Jan, 2011 17:30
Score: 11563
Posts: 8,887
User Since: 4th Jan 2009
System Score: N/A
Location: UK
The Secunia Advisory gives details & a link to Microsoft that explains it in much more detail.

The link offered is here:

http://www.microsoft.com/technet/security/advisory...

--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+2
-0
aaaaaaaaaaaaaaaaa RE: SA43093 - impacts of workaround by vendor
Member 29th Jan, 2011 17:38
Score: -5
Posts: 41
User Since: 15th Dec 2008
System Score: 100%
Location: N/A

I am sorry for misunderstanding.
My question above has been asked after had visited vendor's page.
That explanation doesn't fit to end-users, the PC non-freaks.

Was this reply relevant?
+0
-0
ddmarshall RE: SA43093 - impacts of workaround by vendor
Dedicated Contributor 29th Jan, 2011 18:25
Score: 1198
Posts: 954
User Since: 8th Nov 2008
System Score: 98%
Location: UK
If you go to a website that uses the feature that is disabled by the workaround, you will see an Internet Explorer information bar like the one in the illustration in this article http://blogs.technet.com/b/srd/archive/2011/01/28/...

If you trust the website, you can click the information bar to allow it to continue. The consensus is that you are unlikely to experience any problems viewing most websites with this workaround.

--
This answer is provided “as-is.” You bear the risk of using it.
Was this reply relevant?
+1
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability