
The Windows XP F1 Bug: Hijacking Computers One Help Menu At A Time [Security]



retroremakes
March 3rd, 2010, 05:05
http://cache.gawkerassets.com/assets/images/4/2010/03/500x_533180778_cb919b0416.jpg

So there's this tiny unpatched bug in VBScript that lets sneaky websites run malicious code on machines running Internet Explorer (http://gizmodo.com/tag/internetexplorer/) on Windows XP (http://gizmodo.com/tag/windowsxp/). It's triggered when you try to access the help menu by hitting the F1 key. Whoops.
According to a recent Microsoft security advisory:

The vulnerability exists in the way that VBScript interacts with Windows Help files when using Internet Explorer. If a malicious Web site displayed a specially crafted dialog box and a user pressed the F1 key, arbitrary code could be executed in the security context of the currently logged-on user.
This means that all someone with ill intentions needs to do is create a website which has a somewhat convincing popup prompt to coax you into hitting F1. And tada! You've allowed him or her to run some kind of code on your machine.
It'll be a while before a patch is available for this bug, but in the meantime Microsoft suggests that you protect yourself by not pressing the F1 key if a Web site tells you to. [Microsoft (http://www.microsoft.com/technet/security/advisory/981169.mspx) via Computer World (http://www.computerworld.com/s/article/9164038/Microsoft_Don_t_press_F1_key_in_Windows_XP) via Slashdot (http://tech.slashdot.org/story/10/03/02/1924237/Microsoft-Says-Dont-Press-the-F1-Key-In-XP?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29)]
Picture by Karl Alvin (http://www.flickr.com/photos/karlalvin/533180778/)



More... (http://feeds.gawker.com/~r/gizmodo/full/~3/qUC8YvLYovM/the-windows-xp-f1-bug-hijacking-computers-one-help-menu-at-a-time)