Microsoft Warns on Help File Threat


It sounds like the premise of a bad horror movie: Don’t press ‘Help’! That’s what Microsoft is telling users who may be affected by an attack that relies on them pressing F1, the universal key for help in Windows applications — potentially then giving a hacker access to their system.


But the threat is very real, and a whole range of Windows systems could be at risk, ranging from Windows 2000 SP4 all the way up to Windows 7. eSecurity Planet has the story.



Microsoft released a Security Advisory this week warning users of a zero-day vulnerability in the way older versions of Windows handle help files that could lead to system compromise.

The zero-day hole affects Windows 2000 Service Pack 4 (SP4), Windows XP SP2 and SP3, as well as 64-bit versions of XP Professional SP2, and Windows Server 2003. More recent releases of Windows, including Vista, Windows Server 2008, and Windows 7, are not at risk, Microsoft said in a statement e-mailed to InternetNews.com.

According to Microsoft’s advisory, the flaw is in the way VBScript processes help files in Internet Explorer.



Read the full story at eSecurity Planet:


Microsoft Warns: Don’t Press “F1”

News Around the Web