Software giant Microsoft has issued an advisory for a new zero-day vulnerability in its Windows operating system that could allow a hacker to fool people into installing malicious software.
The Microsoft security advisory explains that a bug in the Windows' MHTML (MIME HTML) protocol is capable of allowing hackers to insert malware scripts within the Internet Explorer web browser.
Security experts believe that the bug is a variant of a cross side scripting vulnerability exploited by hackers to insert dubious code within a web browser. With this, hackers can then steal valuable data and fool users into downloading malware on their systems.
Angela Gunn, spokesperson for Microsoft security, said in a blog post: “For instance, an attacker could construct an HTML link designed to trigger a malicious script and somehow convince the targeted user to click it. When the user clicked that link, the malicious script would run on the user's computer for the rest of the current Internet Explorer session.”