Skip to content

Microsoft confirms the 'F1' key as potentially deadly

Filed under: Security, Browsers

Look at it up there, in the top left corner, just above your middle finger, all innocuous-looking... just gagging to be depressed... you could just give F1 a little tickle, no one would know... STOP! Don't do it! At least, not if you're on Windows 2000, XP or Server 2003. A few days ago a warning appeared on Microsoft's Security Response Center, in it they detailed an attack involving pop-up boxes and the F1 key. There's now a full Security Advisory on the issue, and if you're running one of the affected operating systems you should read it.

In essence: if you hit F1 in response to a pop-up dialog, an attacker could execute arbitrary code (i.e. hack you). All it takes is some cleverly-crafted VBScript -- but Microsoft says it's not aware of any such attacks currently in the wild.

The good news is, it only affects you if you're using Internet Explorer -- the bad news is, it probably won't be patched for some time, so some old business machines will no doubt get compromised before a fix is in place. I wonder if the new browser ballot thing warns users about unpatched security holes before they choose a browser to install...

Microsoft confirms the 'F1' key as potentially deadly originally appeared on Download Squad on Thu, 04 Mar 2010 07:15:00 EST. Please see our terms for use of feeds.

Read | Permalink | Email this | Comments

Add to digg
Add to
Add to Google
Add to StumbleUpon
Add to Facebook
Add to Reddit
Add to Technorati

img.phdo?kw=Microsoft - Internet Explorer - Windows XP - VBScript - Operating system


downloadsquad?i=LUjNPrG1Atk:unB_BWzat5U:wF9xT3WuBAs downloadsquad?i=LUjNPrG1Atk:unB_BWzat5U:V_sGLiPBpWU