gfxgfx
 
Please login or register.

Login with username, password and session length
 
gfx gfx
gfx
76499 Posts in 13435 Topics by 2084 Members - Latest Member: MagixMark September 21, 2020, 01:18:43 pm
*
gfx*gfx
gfx
WinMX World :: Forum  |  Discussion  |  WinMx World News  |  Windows XP users warned over F1 key
gfx
gfxgfx
 

Author Topic: Windows XP users warned over F1 key  (Read 451 times)

0 Members and 1 Guest are viewing this topic.

Offline DaBees-Knees

  • WMW Team
  • *****
Windows XP users warned over F1 key
« on: March 03, 2010, 01:10:54 am »
http://www.pcadvisor.co.uk/news/index.cfm?newsid=3213920

Quote
Microsoft has warned Windows XP users not to press the F1 key when prompted by a website, as part of its reaction to an unpatched vulnerability that hackers could exploit to hijack PCs running Internet Explorer (IE).

In a security advisory issued on Monday, Microsoft confirmed the unpatched bug in VBScript that Polish researcher Maurycy Prodeus had revealed on Friday, offered more information on the flaw and provided some advice on how to protect PCs until a patch shipped.

"The vulnerability exists in the way that VBScript interacts with Windows Help files when using Internet Explorer," read the advisory. "If a malicious website displayed a specially crafted dialog box and a user pressed the F1 key, arbitrary code could be executed in the security context of the currently logged-on user."

Last week, Prodeus called the bug a "logic flaw", and said attackers could exploit it by feeding users malicious code disguised as a Windows help file - such files have a '.hlp' extension - then convincing them to press the F1 key when a pop-up appeared. He rated the vulnerability as 'medium' because of the required user interaction.

Windows 2000, Windows XP and Windows Server 2003 are impacted by the bug, said Microsoft, and any supported versions of Internet Explorer (IE) on those operating systems - including IE6 on Windows XP - could be leveraged by attackers. Previously, Prodeus had said that users running IE7 and IE8 were at risk, but had not called out IE6.

Until a patch is ready, users can protect themselves by not pressing the F1 key if a website tells them to, said Microsoft.

For most of you this will be obvious, but there will be a few newbies that could get caught out.  :gum:

WinMX World :: Forum  |  Discussion  |  WinMx World News  |  Windows XP users warned over F1 key
 

gfxgfx
gfx
©2005-2020 WinMXWorld.com. All Rights Reserved.
SMF 2.0.17 | SMF © 2019, Simple Machines | Terms and Policies
Page created in 0.025 seconds with 21 queries.
Helios Multi © Bloc
gfx
Powered by MySQL Powered by PHP Valid XHTML 1.0! Valid CSS!