Skip to main content

Hackers Exploiting Internet Explorer MHTML Vulnerability

Google's online security team has revealed that hackers are exploiting an Internet Explorer vulnerability that was originally discovered back in January.

According to a post on the Google Online Security Blog, the company is seeing 'highly targeted and apparently politically motivated attacks' exploiting a publicly disclosed vulnerability in Internet Explorer.

The vulnerability exists in the manner in which Internet Explorer manages MHTML files, that combine multiple file formats with HTML content onto a single file.

Microsoft had said in a January blog post that the vulnerability can be used to initiate drive-by attacks. Drive by attacks work by creating malicious websites that manipulate a web browser into running a malware injected JavaScript code. Users can also be duped into installing additional code that can further exploit vulnerabilities.

Google advised its users that in order to avoid the attacks, which are also targeting a popular social networking website, they can install a temporary fix that Microsoft is offering until a full patch is released.

The search engine giant also says that it is deploying temporary measures that will make it harder for attackers to exploit the aforementioned vulnerability.

“The abuse of this vulnerability is also interesting because it represents a new quality in the exploitation of web-level vulnerabilities. To date, similar attacks focused on directly compromising users' systems, as opposed to leveraging vulnerabilities to interact with web services,” the company said in a statement.