Microsoft Says Not To Press The F1 Key…. Really. They Did Say That.

This is too funny to make up. Microsoft has a security advisory that tells you not to use the F1 key which happens to be help in order to protect yourself from a an unpatched bug in VBScript that could run something nasty in Internet Explorer:

The vulnerability exists in the way that VBScript interacts with Windows Help files when using Internet Explorer. If a malicious Web site displayed a specially crafted dialog box and a user pressed the F1 key, arbitrary code could be executed in the security context of the currently logged-on user.

Oh how delightful. This problem exists in a variety of Windows versions with the exception of Vista, Server 2008, and Windows 7. If you’re running anything else, it might be a really good time to switch browsers. Of course, you can always wait until a patch comes out. But this paragraph might make you change your mind:

Microsoft is concerned that this new report of a vulnerability was not responsibly disclosed, potentially putting computer users at risk. We continue to encourage responsible disclosure of vulnerabilities. We believe the commonly accepted practice of reporting vulnerabilities directly to a vendor serves everyone’s best interests. This practice helps to ensure that customers receive comprehensive, high-quality updates for security vulnerabilities without exposure to malicious attackers while the update is being developed.

Translation: This was leaked and Microsoft isn’t happy about that. It likely means that it will get fixed faster though now that everybody knows about it. But who knows. I say switch browsers, you’ll be safer. Trust me.

One Response to “Microsoft Says Not To Press The F1 Key…. Really. They Did Say That.”

  1. As if anyone ever actually means to hit F1 to look for “help”. MS could save a lot of hard drive space by not installing any help files. No help files would be just as useful as the ones they have included šŸ˜‰

Leave a Reply

%d bloggers like this: