Wednesday, March 3rd 2010
Do Not Press F1 If Requested To Do So By A Website.
Microsoft is investigating a vulnerability in VBscript that occurs when a user presses "F1". The vulnerability makes use of an interaction between VBscript and the help files of Internet Explorer. Once "F1" is pressed malicious code can be executed in the security context of the logged in user. This security issue only applies to users of Windows 2000, Windows 2003 Server, and Windows XP; Windows Vista and Windows 7 users are not affected. There is no word yet from Microsoft on what would occur if malicious code was executed using the vulnerability.
Source:
Microsoft TechNet
51 Comments on Do Not Press F1 If Requested To Do So By A Website.
If a old PC gets infected as the user is stupid, using 2000, and is complaining about their 2000 caddy not having warranty still.....well. F em. I will gladly take their money to fix their old and broken.
This exploit was carried forward into ME and XP to a degree. Help files are ran at user assistance level and possible upgraded privileges. UAC removed the means to access a users files.
You all must realize that the browser runs at equal rights with the user account in the majority of instances, so if you can browse to a file in a scripted window and open, copy, delete, or work with files, so can a remote user. All that is required is the initial authorization, by visiting the site you have already created the tunnel.
I use XP, but i never use IE (POS) Seamonkey all the way, so im all safe.
On the other hand i might tell my customers to press F1, that will increase work for me :D:laugh:
Does anybody know if this error also occurs during a system start? I get it every time I restart my system.
VJC1945
You need to recheck your bios settings.
I appreciate your response. I just re-installed WINDOWS and no changes were made to the BIOS.
I wish it was that simple. I've been chasing this problem for over a month. I hoped that re-insalling
WINDOWS would solve the problem.
+1 thx for the info.
I wish I could. I just joined this site and I am not familiar with it's options.
Screen states that I can not start a new thread.
So at post, what is the computer displaying on monitor? "CMOS Checksum error Press F1 to continue">? If you are getting that you will need to enter bios load optimized defaults, then F10 and save. That is just assuming that's the problem you are having.
If the board is older the battery may have died, or could happen with a new board as well, and is not storing the bios settings each time you disconnect power from it.