Don’t press F1 in Windows XP

Microsoft warns Windows XP users not to press the F1 key in Windows XP, owing to an unpatched bug in VBScript discovered by Polish researcher Maurycy Prodeus. The security advisory says that the vulnerability relates to the way VBScript interacts with Windows Help files when using Internet Explorer, and could be triggered by a user pressing the F1 key after visiting a malicious Web site using a specially crafted dialog box.

Microsoft is investigating new public reports of a vulnerability in VBScript that is exposed on supported versions of Microsoft Windows 2000, Windows XP, and Windows Server 2003 through the use of Internet Explorer.

The vulnerability exists in the way that VBScript interacts with Windows Help files when using Internet Explorer. If a malicious Web site displayed a specially crafted dialog box and a user pressed the F1 key, arbitrary code could be executed in the security context of the currently logged-on user.

Users running Windows Vista, Windows Server 2008, Windows 7 or Windows Server 2008 R2 are safe from such attacks, Microsoft said.

Pin It on Pinterest

Shares