Zero-Day Exploit of CHM Vulnerability in Internet Explorer

You Don't Want Help From This Kind Of "Help" File

From Tony Bradley, CISSP, MCSE2k, MCSA, A+, for About.com

As you surf the Web, and particularly when deciding whether or not to click the URL in that spam email you just received about the lowest mortgage rates ever or how you can buy Viagra cheap from Canada over the Internet, beware: there is a new vulnerability in Internet Explorer for which exploit code already exists.

This seems to be another variation of some previous vulnerabilities regarding MHTML in Internet Explorer. This one uses the MS-ITS InfoTech protocol to force redirection of MHTML. Exploiting this vulnerability is believed to allow the attacker to execute code on the target machine in the context of the Local Zone, which generally has much less restrictive security settings.

The zero-day exploit that is out there is reported to download a handful of components to the target computer, including a backdoor and a component that will attempt to terminate most antivirus, firewall and other security software.

That is just one exploit, though. There is currently no patch to defend against this. One caveat is that for this exploit to work, a user with a vulnerable system must somehow be tricked or lured into visiting a web page containing the malicious code.

A possible workaround would be to remove the file association in Windows that allows CHM files to be executable. Follow these steps:

  • Open Windows Explorer
  • Click on Tools
  • Click on Folder Options
  • Click on File Types tab
  • Scroll to the CHM type
  • Either delete or modify it so it isn't executable

The problem with this is that you will be disabling all CHM files, so Windows Help will effectively be disabled.

You could also filter incoming HTML for specific lines of code once exploits are identified, but that is tedious and high-maintenance, and it may impact the speed and performance of your network. One of the best things to do for now is to just be very cautious about what web sites you visit. As exploits are discovered, they should be identified and included in antivirus software updates. That should work to protect users in the short term until Microsoft can issue a patch which protects against the vulnerability altogether.
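The HTML filtering idea above can be sketched as a scanner that flags URL attributes using the MS-ITS or MHTML protocol handlers, rather than matching exact exploit lines. This is an added example, not code from the original article; the `its` and `mk` schemes, the attribute list, and the sample page are assumptions constructed for illustration.

```python
from html.parser import HTMLParser

# "ms-its" and "mhtml" are the handlers named in the article; "its" and "mk"
# (mk:@MSITStore:) are the other InfoTech handlers, included as an assumption.
SUSPECT_SCHEMES = ("ms-its", "its", "mk", "mhtml")
URL_ATTRS = {"href", "src", "data", "codebase", "action", "background"}
LEADING_JUNK = "".join(chr(c) for c in range(33))  # controls and space


def normalize(value):
    # Browsers ignore tab/CR/LF inside a URL and leading whitespace, so a
    # filter that compares raw strings is easy to slip past.
    cleaned = "".join(ch for ch in value if ch not in "\t\r\n")
    return cleaned.lstrip(LEADING_JUNK).lower()


def suspect_scheme(value):
    scheme, sep, _ = normalize(value).partition(":")
    return scheme if sep and scheme in SUSPECT_SCHEMES else None


class SchemeScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser has already decoded entities such as &#109; in values.
        for name, value in attrs:
            if name in URL_ATTRS and value:
                scheme = suspect_scheme(value)
                if scheme:
                    self.findings.append((self.getpos()[0], tag, name, scheme))


def scan_html(text):
    scanner = SchemeScanner()
    scanner.feed(text)
    scanner.close()
    return scanner.findings


# Constructed sample page; every URL is a placeholder, not a real indicator.
SAMPLE = """<html><body>
<a href="http://example.invalid/help.html">docs</a>
<iframe src="MS-ITS:placeholder"></iframe>
<object data="&#109;html:placeholder"></object>
<img src=" ms-\tits:placeholder">
<a href="items:list">not a handler</a>
</body></html>"""

if __name__ == "__main__":
    for line, tag, attr, scheme in scan_html(SAMPLE):
        print(f"line {line}: <{tag} {attr}> uses {scheme}:")
```

The scanner only inspects markup attributes; URLs assembled inside script code are not covered, which is part of why this kind of filtering is high-maintenance.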

©2008 About.com, a part of The New York Times Company.