Filed under: Security, Browsers
Look at it up there, in the top left corner, just above your middle finger, all innocuous-looking… just gagging to be depressed… you could just give F1 a little tickle, no one would know… STOP! Don’t do it! At least, not if you’re on Windows 2000, XP or Server 2003. A few days ago a warning appeared on Microsoft’s Security Response Center, in it they detailed an attack involving pop-up boxes and the F1 key. There’s now a full Security Advisory on the issue, and if you’re running one of the affected operating systems you should read it.
In essence: if you hit F1 in response to a pop-up dialog, an attacker could execute arbitrary code (i.e. hack you). All it takes is some cleverly-crafted VBScript — but Microsoft says it’s not aware of any such attacks currently in the wild. The good news is, it only affects you if you’re using Internet Explorer — the bad news is, it probably won’t be patched for some time, so some old business machines will no doubt get compromised before a fix is in place. I wonder if the new browser ballot thing warns users about unpatched security holes before they choose a browser to install…Microsoft confirms the ‘F1′ key as potentially deadly originally appeared on Download Squad on Thu, 04 Mar 2010 07:15:00 EST. Please see our terms for use of feeds.
Read | Permalink | Email this | Comments
