MSA 2501696 - Mitigating Factors and Suggested Actions RRS feed

  • Question

  • The MSA as in subject lists three suggested actions in chapter "Mitigating Factors and Suggested Actions". Are these to be applied all together? Or any of them? "Impact of workaround. The MHTML protocol will be restricted to prevent the launch of script in all zones within an MHTML document. Any application that uses MHTML will be affected by this workaround. Script in standard HTML files is not affected by this workaround." What does it practically mean for end users? For non-PC-freak users, nor for IT security experts. They do want to know what mhtml nor any other technical term is. They only want to have advantages of theirs operation.
    Sunday, March 13, 2011 2:35 PM

All replies

  • OK, I agree this is clear as mud. So MHTML is used to create a single file that contains all the HTML code, images, and scripts associated with a page (or pages) and place their absolute links in that single container. If you go into IE and choose the "Save As" option, it will prompt you to save that page as an MHTML resource. It’s very handy for off-line viewing of content or possibly creating a help file for a resource that is off-line.

    The MSA listed above simply states that MHT files will no longer execute as local resources in a trusted Zone, which will prevent any Scripting within the MHT file from executing. This could break the functionality of the MHTML file if it relies heavily on that scripting to work.

    In most cases, this is a low-impact issue for most clients anyway. if you are providing MHTML files as part of your business model, then I would switch to something like DHTML for functionality. If it uses a <script> tab it won’t work post patch.

    I hope this clarifies this issue.

    Ken F
    MCIPT - Ent Admin


    Ken F
    Saturday, November 19, 2011 4:04 PM