Microsoft Says Not To Press The F1 Key…. Really. They Did Say That.
This is too funny to make up. Microsoft has a security advisory that tells you not to use the F1 key which happens to be help in order to protect yourself from a an unpatched bug in VBScript that could run something nasty in Internet Explorer:
The vulnerability exists in the way that VBScript interacts with Windows Help files when using Internet Explorer. If a malicious Web site displayed a specially crafted dialog box and a user pressed the F1 key, arbitrary code could be executed in the security context of the currently logged-on user.
Oh how delightful. This problem exists in a variety of Windows versions with the exception of Vista, Server 2008, and Windows 7. If you’re running anything else, it might be a really good time to switch browsers. Of course, you can always wait until a patch comes out. But this paragraph might make you change your mind:
Microsoft is concerned that this new report of a vulnerability was not responsibly disclosed, potentially putting computer users at risk. We continue to encourage responsible disclosure of vulnerabilities. We believe the commonly accepted practice of reporting vulnerabilities directly to a vendor serves everyone’s best interests. This practice helps to ensure that customers receive comprehensive, high-quality updates for security vulnerabilities without exposure to malicious attackers while the update is being developed.
Translation: This was leaked and Microsoft isn’t happy about that. It likely means that it will get fixed faster though now that everybody knows about it. But who knows. I say switch browsers, you’ll be safer. Trust me.
March 3, 2010 at 9:36 am
As if anyone ever actually means to hit F1 to look for “help”. MS could save a lot of hard drive space by not installing any help files. No help files would be just as useful as the ones they have included 😉