Microsoft Warns Windows XP Users To Avoid F1 Key In Internet Explorer

Microsoft Warns Windows XP Users To Avoid F1 Key In Internet Explorer

2010 has not been kind to Microsoft's security team. In under a month's time, we've seen Microsoft address a bug that was supposed to fix an ancient exploit but instead caused more headaches, all while having to encourage consumers not to be duped by a fake security site parading around as something useful. As if those software savvy folks up in Washington didn't have enough on their plates, the company has today issued yet another startling advisory, and this is easily one of the more bizarre ones that we've seen.

Microsoft has gone public with an investigation into a "a vulnerability in VBScript that is exposed on supported versions of Microsoft Windows 2000, Windows XP, and Windows Server 2003 through the use of Internet Explorer." This is quite significant because a huge majority of PCs in the world still rely on Windows XP, and many corporate environments haven't upgraded or switched away from IE. To date, Microsoft has yet to find evidence that this exploit could harm Windows 7, Vista or Server 2008 users.



The primary problem that we're dealing with here is "remote code execution," and while the company admits that they aren't aware of any attacks that take advantage of the vulnerabilities, they're obviously looking to patch things up before it gets bad. Here's Microsoft's exact explanation of the issue:

The vulnerability exists in the way that VBScript interacts with Windows Help files when using Internet Explorer. If a malicious Web site displayed a specially crafted dialog box and a user pressed the F1 key, arbitrary code could be executed in the security context of the currently logged-on user. On systems running Windows Server 2003, Internet Explorer Enhanced Security Configuration is enabled by default, which helps to mitigate against this issue.


Did you catch that? The part about the "F1" key? In a few words, Microsoft is actually advising Windows XP users who rely on IE to not use their F1 key, which is kind of crazy when you think about it. Thankfully, not many people actually rely on the F1 key in day-to-day use, but just imagine the outrage if "F1" were replaced with "A." The public is being told that the problem is being worked on, though there is no time table given as to when we can expect a fix. Just push those F1 urges aside from awhile, and everything should be just fine.
0
+ -

That is a truly odd one. The A replacement comment playing forefront in it as this could be any key on your keyboard. Glad I have not used IE as a primary for many years.

0
+ -

Agreed rapid1. And I don't use IE much either but I'm curious, what function does F1 serve for most people? I know it plays a role in gaming and if I press it now...oh nooooooooo. Just kidding, when I press it now it brings up Firefox Help. Does F1 bring up IE Help?

0
+ -

Yes it does Zestia. F1 is normally set to bring up the help of whatever program is active.

0
+ -

Gracias InfinityzeN - much obliged.

0
+ -

Gawd!

It never stops!, and proves once again, that "Using Internet Explorer Is Like Being Slowly Pecked To Death By Chickens."

0
+ -

Reminds me of the old Windows startup error message:

ERROR: No keyboard detected. Press F1 to continue.

0
+ -

LMFAO clem :D (maybe there was a F1 addon that was apart from the keyboard :P lol)

i haven't used internet explorer in 2 years or so...

0
+ -

You pays your money and you takes your choice. Those who choose to use IE as their browser are going to have to take the consequences. Hope no one will miss the F1 key in China, where IE6 still enjoys a market share of over 60 % !...

Henri

0
+ -

As a workaround, users who need help are advised to press the F2 key halfway down.

And buy a Mac.

0
+ -

No need to buy a Mac ; just install a better (non-Windows) OS on your PC !...

Henri

0
+ -

I would have said that too... but anyone who needs help needs a Mac. LoL

- Irritate Windows users. Check.

- Irritate Mac users: Check.

Hmm... now let me see what I can do about the one guy around here still running BeOS.

0
+ -

More Reason to by Windows 7.

Login or Register to Comment
Post a Comment
Username:   Password: