The IT Nerd

This is too funny to make up. Microsoft has a security advisory that tells you not to use the F1 key which happens to be help in order to protect yourself from a an unpatched bug in VBScript that could run something nasty in Internet Explorer:

The vulnerability exists in the way that VBScript interacts with Windows Help files when using Internet Explorer. If a malicious Web site displayed a specially crafted dialog box and a user pressed the F1 key, arbitrary code could be executed in the security context of the currently logged-on user.

Oh how delightful. This problem exists in a variety of Windows versions with the exception of Vista, Server 2008, and Windows 7. If you’re running anything else, it might be a really good time to switch browsers. Of course, you can always wait until a patch comes out. But this paragraph might make you change your mind:

Microsoft is concerned that this new report of a vulnerability was not responsibly disclosed, potentially putting computer users at risk. We continue to encourage responsible disclosure of vulnerabilities. We believe the commonly accepted practice of reporting vulnerabilities directly to a vendor serves everyone’s best interests. This practice helps to ensure that customers receive comprehensive, high-quality updates for security vulnerabilities without exposure to malicious attackers while the update is being developed.

Translation: This was leaked and Microsoft isn’t happy about that. It likely means that it will get fixed faster though now that everybody knows about it. But who knows. I say switch browsers, you’ll be safer. Trust me.

This entry was posted on March 2, 2010 at 7:44 pm and is filed under Commentary with tags Internet Explorer, Microsoft, Windows. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.