It sounds like the premise of a bad horror movie: Don’t press ‘Help’! That’s what Microsoft is telling users who may be affected by an attack that relies on them pressing F1, the universal key for help in Windows applications — potentially then giving a hacker access to their system.
But the threat is very real, and a whole range of Windows systems could be at risk, ranging from Windows 2000 SP4 all the way up to Windows 7. eSecurity Planet has the story.
Microsoft released a Security Advisory this week warning users of a zero-day vulnerability in the way older versions of Windows handle help files that could lead to system compromise.
The zero-day hole affects Windows 2000 Service Pack 4 (SP4), Windows XP SP2 and SP3, as well as 64-bit versions of XP Professional SP2, and Windows Server 2003. More recent releases of Windows, including Vista, Windows Server 2008, and Windows 7, are not at risk, Microsoft said in a statement e-mailed to InternetNews.com.
According to Microsoft’s advisory, the flaw is in the way VBScript processes help files in Internet Explorer.