[BITList] Don't press F1 in Windows XP: Microsoft
wulguru.wantok at gmail.com
Thu Mar 4 12:47:15 GMT 2010
Begin forwarded message:
Don't press F1 in Windows XP: Microsoft
3 Mar, 2010, 0037 hrs IST, Indiatimes Infotech,
NEW DELHI: The software giant Microsoft has told Windows XP users not to
press the F1 key when prompted by a Web site, as part of a security
The advisory has been issued regarding an unpatched vulnerability that
hackers could exploit to hijack PCs running Internet Explorer (IE). In
the advisory, Microsoft confirmed the unpatched bug in VBScript that
Polish researcher Maurycy Prodeus had revealed last week.
"The vulnerability exists in the way that VBScript interacts with
Windows Help files when using Internet Explorer. If a malicious Web site
displayed a specially crafted dialog box and a user pressed the F1 key,
arbitrary code could be executed in the security context of the
currently logged-on user. On systems running Windows Server 2003,
Internet Explorer Enhanced Security Configuration is enabled by default,
which helps to mitigate against this issue," reads the advisory.
Recently, Prodeus called the bug a "logic flaw," and said attackers
could exploit it by feeding users malicious code disguised as a Windows
help file and convincing them to press the F1 key when a pop-up
appeared. Such files have a ".hlp" extension.
Windows 2000, Windows XP and Windows Server 2003 are impacted by the
bug, said Microsoft, and any supported versions of Internet Explorer
(IE) on those operating systems, including IE6 on Windows XP, could be
exploited by hackers.
The security advisory said, "Our analysis shows that if users do not
press the F1 key on their keyboard, the vulnerability cannot be exploited."
Users can also thwart the attacks by disabling Windows Help.
What Windoze should have suggested was = buy an Apple iMac.
What Micro$oft should have said was - buy an Apple iMac...