Tuesday, March 2, 2010

Microsoft to XP Users: 'Don't Press F1'


If you're still using Windows XP, Microsoft has a piece of security advice for you: don't hit F1.

A recently discovered vulnerability is disrupting how Windows XP handles VBScripts that are used to load Help files. Hackers could disguise malicious code as a Windows Help file (with the extension ".hlp"), and then launch a pop-up window prompting users to press F1 for help. Pressing F1 would in fact load the malicious file, and execute the code, thus infecting a PC. Fortunately, the vulnerability does require user interaction, so those who refrain from using Help (or who turn it off entirely) will remain safe. Details for how to turn off Help can be found here.

The vulnerability applies to IE6, IE7, and IE8 on Windows XP. Vista and Windows 7 users, meanwhile, are unaffected.

Microsoft is currently working to patch the flaw, but has not announced a time by which to expect a fix. This is just one more reason to join the 21st century, and leave XP behind as the quaint memory of a bygone era that it is. [From: Microsoft, via: Computer World]

No comments: