Security Vulnerability: When “Help” really isn’t helpful.

by admin on March 4, 2010

Microsoft has just released Security Advisory 981169, covering a vulnerability in Windows 2000, Windows XP and Windows Server 2003 (at certain service pack levels) that is reachable through Internet Explorer.

The big deal is that, because of the nature of the vulnerability, pressing F1 (traditionally used to open the help window) while on certain web sites can cause Internet Explorer to run attacker-supplied code, which could install malware on your computer or leak private personal or corporate information.

According to Microsoft's advisory, the attack must be initiated by the end user. This means that even if a user visits a web site hosting the malicious code, nothing happens until the user actually opens the help system from within Internet Explorer, that is, presses F1 when the page prompts for it. Microsoft has also offered some workarounds to use until a fix is available. Some are simple:

“Do not press the F1 key when prompted by a Web site.”

“Set Internet and Local intranet security zone settings to “High” to block ActiveX Controls and Active Scripting in these zones.”

Others are more involved and can cause problems of their own:

“Restrict access to the Windows Help System.”

Restricting access to the Help system as described in the advisory affects every user of the machine: any user who is denied access to the program winhlp32.exe loses the Help system entirely, not just the vulnerable behaviour.
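For admins who want to apply the two workarounds quoted above in a way they can check and reverse later, here is an added PowerShell example. It is not Microsoft's own command sequence from the advisory: the zone numbers (1 = Local intranet, 3 = Internet) and action IDs (1200 = Run ActiveX controls and plug-ins, 1400 = Active scripting) come from Microsoft's documented Internet Settings registry layout, the file restriction uses Get-Acl/Set-Acl instead of cacls, and the function names are mine. It needs an elevated prompt, and the zone part writes HKCU, so it must run once per user (or be pushed by policy).

```powershell
# Added example (not from the advisory): apply, check and undo the two
# workarounds for Security Advisory 981169 discussed above.
# Assumptions: zone/action IDs as documented by Microsoft; run elevated.

$ZoneKeyRoot = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$Zones   = @{ 1 = 'Local intranet'; 3 = 'Internet' }
# Action IDs: 1200 = Run ActiveX controls and plug-ins, 1400 = Active scripting
# Action values: 0 = Enable, 1 = Prompt, 3 = Disable
$Actions = @{ 1200 = 'Run ActiveX controls and plug-ins'; 1400 = 'Active scripting' }

function Get-IEZoneActions {
    # Snapshot the current values so the change can be reversed exactly.
    $snapshot = @{}
    foreach ($zone in $Zones.Keys) {
        $key = Join-Path $ZoneKeyRoot $zone
        foreach ($action in $Actions.Keys) {
            $snapshot["$zone/$action"] = (Get-ItemProperty -Path $key -Name "$action")."$action"
        }
    }
    return $snapshot
}

function Set-IEZoneActions {
    # Value 3 disables ActiveX and Active scripting in both zones, which is the
    # part of the "High" template the advisory's workaround relies on. Internet
    # Options may then show the zone as "Custom" rather than "High". Scripting
    # off in the Internet zone breaks most sites, so expect the same user impact
    # as setting the slider to High.
    param([ValidateSet(0, 1, 3)][int]$Value = 3)
    foreach ($zone in $Zones.Keys) {
        $key = Join-Path $ZoneKeyRoot $zone
        foreach ($action in $Actions.Keys) {
            Set-ItemProperty -Path $key -Name "$action" -Value $Value -Type DWord
        }
    }
}

function Restore-IEZoneActions {
    # Put back the values captured by Get-IEZoneActions.
    param([hashtable]$Snapshot)
    foreach ($entry in $Snapshot.GetEnumerator()) {
        $zone, $action = $entry.Key -split '/'
        Set-ItemProperty -Path (Join-Path $ZoneKeyRoot $zone) -Name $action -Value $entry.Value -Type DWord
    }
}

$WinHelp  = Join-Path $env:windir 'winhlp32.exe'
# Well-known SID for "Everyone", so the script does not depend on the display language.
$Everyone = New-Object System.Security.Principal.SecurityIdentifier 'S-1-1-0'
$DenyAll  = New-Object System.Security.AccessControl.FileSystemAccessRule($Everyone, 'FullControl', 'Deny')

function Test-WinHelpRestricted {
    # True when an explicit Deny ACE for Everyone is present on winhlp32.exe.
    $acl   = Get-Acl -Path $WinHelp
    $rules = $acl.GetAccessRules($true, $false, [System.Security.Principal.SecurityIdentifier])
    return [bool]($rules | Where-Object {
        $_.AccessControlType -eq 'Deny' -and $_.IdentityReference -eq $Everyone })
}

function Set-WinHelpRestriction {
    # Deny Everyone (which includes administrators) on winhlp32.exe, so no user
    # on the machine can open Windows Help: this is the side effect the post warns
    # about. The file's owner can still rewrite the DACL, so -Undo works from an
    # elevated prompt.
    param([switch]$Undo)
    $acl = Get-Acl -Path $WinHelp
    if ($Undo) { [void]$acl.RemoveAccessRule($DenyAll) } else { $acl.AddAccessRule($DenyAll) }
    Set-Acl -Path $WinHelp -AclObject $acl
}

# Usage (elevated PowerShell; the zone part runs per user):
#   $before = Get-IEZoneActions        # keep this to undo exactly
#   Set-IEZoneActions -Value 3
#   Set-WinHelpRestriction
#   Test-WinHelpRestricted             # confirm the deny ACE is in place
#   ... once the fix is installed:
#   Set-WinHelpRestriction -Undo
#   Restore-IEZoneActions -Snapshot $before
```

Record the snapshot somewhere before applying the zone change; the Internet zone defaults differ between IE versions, so there is no single "correct" value to restore blindly. The Help restriction is deliberately all-or-nothing, exactly as the advisory's workaround is, so only use it where nobody on the machine depends on .hlp content.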

In the meantime, we recommend that users take a few minutes to read the advisory and ask their IT support team what the vulnerability means for them. And if a web site asks you to do something unusual, such as pressing F1, it is best not to do it; ask an admin first.

1 comment

WiL Laxa March 11, 2010 at 2:50 am

Seriously Ironic. heheh :P
