Older Windows OSes At Risk Of F1 Key Vulnerability

Software giant Microsoft has revealed that the company is currently investigating a critical security issue in the Windows XP Service Pack 3 that comes from the Windows Visual Basic language and Windows Help for its Internet Explorer browser.

Senior Security Communications Manager Lead at Microsoft Jerry Bryant said on the cmopany's Security Response Center (MSRC) section that the security bug would allow a hacker, who is hosting a website containing malicious content, to run an arbitrary code on the victims machine by tricking them into pressing the F1 help button by the means of a pop-up window.

However, the Microsoft security expert also revealed that the vulnerability only affects the older versions of Windows operating system including Windows XP SP3 while users of Windows 7, Windows Server 2008, and Windows Vista are not in danger from a malicious attack of such nature.

Commenting on the issue, Bryant wrote on the security blog that “Once we have completed our investigation, we will take appropriate action to protect customers. To minimize risk to computer users, Microsoft continues to encourage responsible disclosure. Responsible disclosure protects the computer ecosystem and individual computer users from harm.”

Our Comments

Now that's something quite surprising given the fact that it requires the user to interact with their keyboard and press a little used key. I for once can't even remember the last time I used the F1 key. Expect Microsoft to come up with something soon. It has yet to announce anything for its regular patch Tuesday.

Related Links

Net closes in on Microsoft as users are given freedom to explore

(Times Online)

Microsoft offers alternative web browsers to customers in Europe

(BBC)

Microsoft: Don't press F1 key in Windows XP

(Computer World)

IE code execution bug can bite older Windows

(The Register