Wednesday, March 3rd 2010

Do Not Press F1 If Requested To Do So By A Website.
Microsoft is investigating a vulnerability in VBscript that occurs when a user presses "F1". The vulnerability makes use of an interaction between VBscript and the help files of Internet Explorer. Once "F1" is pressed malicious code can be executed in the security context of the logged in user. This security issue only applies to users of Windows 2000, Windows 2003 Server, and Windows XP; Windows Vista and Windows 7 users are not affected. There is no word yet from Microsoft on what would occur if malicious code was executed using the vulnerability.
Microsoft TechNet
51 Comments on Do Not Press F1 If Requested To Do So By A Website.
Glad I switched to Firefox (not saying it's bulletproof either!).
sorry, couldn't resist :p
Vista and 7 are still a distinct minority, when compared.
But I think he was refering to us here at TPU, the enthusiasts. Most of us are using Win7/Vista now.
I did it and it opened a new tab in Firefox :toast:
Is it not more likely that people will press like telling a kid not to do some thing..
Unpatched critical flaws
On September 8, 2009, Microsoft skipped patching two of the five security flaws that were addressed in the monthly security update, saying that patching one of the critical security flaws was "infeasible".[95] According to the Microsoft Security Bulletin MS09-048, "The architecture to properly support TCP/IP protection does not exist on Microsoft Windows 2000 systems, making it infeasible to build the fix for Microsoft Windows 2000 Service Pack 4 to eliminate the vulnerability. To do so would require re-architecting a very significant amount of the Microsoft Windows 2000 Service Pack 4 operating system, [...] there would be no assurance that applications designed to run on Microsoft Windows 2000 Service Pack 4 would continue to operate on the updated system."
It is 10 years old at this point, anyone still running 2000 should consider themselves lucky they are even still getting security patches.
Being old doesn't mean it won't work.
why you would need or want to ever use F1 in IE is beyond me, let alone why you would press it after a website told you to. especially considering the types of sites that would be asking this...