Microsoft Warns Windows XP Users To Avoid F1 Key In Internet Explorer

2010 has not been kind to Microsoft's security team. In under a month's time, we've seen Microsoft address a bug that was supposed to fix an ancient exploit but instead caused more headaches, all while having to encourage consumers not to be duped by a fake security site parading around as something useful. As if those software savvy folks up in Washington didn't have enough on their plates, the company has today issued yet another startling advisory, and this is easily one of the more bizarre ones that we've seen.

Microsoft has gone public with an investigation into "a vulnerability in VBScript that is exposed on supported versions of Microsoft Windows 2000, Windows XP, and Windows Server 2003 through the use of Internet Explorer." This is quite significant because a huge majority of PCs in the world still rely on Windows XP, and many corporate environments haven't upgraded or switched away from IE. To date, Microsoft has yet to find evidence that this exploit could harm Windows 7, Vista or Server 2008 users.



The primary problem that we're dealing with here is "remote code execution," and while the company admits that they aren't aware of any attacks that take advantage of the vulnerabilities, they're obviously looking to patch things up before it gets bad. Here's Microsoft's exact explanation of the issue:

The vulnerability exists in the way that VBScript interacts with Windows Help files when using Internet Explorer. If a malicious Web site displayed a specially crafted dialog box and a user pressed the F1 key, arbitrary code could be executed in the security context of the currently logged-on user. On systems running Windows Server 2003, Internet Explorer Enhanced Security Configuration is enabled by default, which helps to mitigate against this issue.


Did you catch that? The part about the "F1" key? In a few words, Microsoft is actually advising Windows XP users who rely on IE to not use their F1 key, which is kind of crazy when you think about it. Thankfully, not many people actually rely on the F1 key in day-to-day use, but just imagine the outrage if "F1" were replaced with "A." The public is being told that the problem is being worked on, though there is no timetable given as to when we can expect a fix. Just push those F1 urges aside for a while, and everything should be just fine.

Via:  Microsoft