Wednesday, March 03, 2010

MS: Be Careful With That F1 Function Key


Another problem for Microsoft. They will issue a patch soon to correct it.

Microsoft Corp. has a message for Windows 2000, XP and Server 2003 users: If you browse the Interwebs with Internet Explorer 6, 7, or 8, take care to ignore any prompts that ask you to hit the F1 key on your keyboard, as doing so may be unhealthful to your PC.

It turns out that there is a security flaw in the way these operating systems + browser versions process “Windows Help files” in such a way that is entirely unhelpful. That is, clicking on the F1 key when presented with a specially crafted pop-up box prompting you to do so could allow criminals to download and install malicious software to your computer.

[snip]

In a security advisory issued Monday, Microsoft said it may at some point issue a software update to address this shortcoming. Redmond’s advisory on this topic is available here. The organization responsible for this warning — Polish security firm iSec Security Research — has a bit more information here on the ins and outs of this bug.



...
Note: Headline links to source. Clicking on image will enlarge it (usually).

6 comments: