All the latest UK technology news, reviews and analysis

Microsoft issues advisory on latest IE exploit

by Dave Neal

More from this author

02 Mar 2010

Comment: 1

  • Tweet this
Internet Explorer
The latest Internet Explorer problem relates to the use of help keys

Microsoft has issued a security advisory to update users about the latest vulnerability to hit Internet Explorer.

The problem relates to the use of help keys, particularly F1, and affects Windows 2000 and Windows XP by default, and to a lesser extent Windows 2003 Server.

Further reading

Microsoft said that its internal investigations had revealed that Windows 7, Windows Server 2008 and Windows Vista are not affected.

"With this issue, it is possible for a malicious web page to display a dialogue box which will trigger the execution of arbitrary code when the user presses the F1 key," the advisory said.

"The prompt can appear repeatedly when dismissed, nagging the user to press the F1 key. Platforms are affected regardless of the Internet Explorer version installed.

"Though user interaction is required, the F1 keyboard shortcut does enable an attack scenario. In the exploit, a file path enables a .HLP file to be loaded from the local file system, SMB or WebDav."

Microsoft advised users to avoid pressing F1 on dialogue boxes presented from web pages or other internet content.

"If a dialogue box appears repeatedly in an attempt to convince the user to press F1, users may log off the system or use Task Manager to kill the Internet Explorer process," said the company in a security research note.

Users can also set Internet Explorer to show a prompt before running any Active X controls or scripting, which Microsoft said will not affect general browsing.

Do you agree?

Add your comment

micorsft bug

if they know what it is why ahve they not plougged it

Posted by: andy 03 Mar 2010

Add your comment
 

Add your comment

We won't publish your address
By submitting a comment you agree to abide by our Terms & Conditions. Your comment will be moderated before publication.
Submit your comment

Latest stories from Security

Facebook home page

British Facebook hacker faces eight months in jail

Related white papers

Related articles

Related jobs

Today's top stories

Cloud computing suppliers announced by government

Government launches G-Cloud store with 257 cloud computing suppliers

Microsoft Windows 8 start screen

Top 10 Microsoft Windows 8 features to be excited about

Barclays Pingit Application in use on an iPhone

Barclays launches Pingit mobile payment service for iPhone, Android and BlackBerry

Poll

IT priorities for 2012

What is the most important IT priority for your company this year?

97%

1%

1%

0%

1%

Features

V3 reporter Dan Worth

World-changing CERN experiments highlight humanity’s intrinsic curiosity

V3 and The INQUIRER editor Madeline Bennett

BBC and Sky News show tough love with Twitter policies

V3's Rosalie Marshall

World indulges in a Facebook facts fest as firm prepares to float

facebook-new

Top five most interesting figures from Facebook’s IPO

More features

Connect with V3.co.uk

Sign up to our daily or weekly newsletters

Case studies and reports

Accurev

Top 5 software development challenges

This paper focuses on a series of best practices and techniques for development teams looking to improve their software development processes

Talend

Rubbish in, rubbish enterprise

Why good data management at all levels is essential in the modern business (video, 6mins)

Technology jobs

Inside Sales / Fluent French / London / 30K TO 35k 10K OTE /

Inside Sales / IT Sales / Business Development / Fluent...

Senior Web Developer / Engineer (HTML, JavaScript, CSS)

Title: Senior Web Developer / Engineer (HTML, JavaScript...

Java Developer (J2SE / JEE)

Job Title: Java Developer (J2SE / JEE) Salary: up to...

Agile Test Manager

Job Title: Agile Test Manager Salary: up to 55k per...

To send to more than one email address, simply separate each address with a comma.