Sister CISA CISSP

Mar 2 2010   6:18PM GMT

I.E. Help Files and F1 Function Key = Vulnerability

Arian Eigen Heald Arian Eigen Heald Profile: Arian Eigen Heald

A new alert came out from Microsoft on March 1st.

When a user is online with Internet Explorer, they have to press the F1 function key when a pop-up is displayed. Not that users commonly use this key in IE, but some may do so when invited to by malware masquerading as a help file.

Microsoft is not being very specific, probably because they don’t have a patch yet.

According to the firm that discovered the vulnerability, “It is possible to invoke winhlp32.exe from Internet Explorer 8,7,6 using VBScript.”

The newer Microsoft OSes are not affected by this “feature,” but if you are using Microsoft Windows 2000, Windows XP, and Windows Server 2003, it’s worthwhile alerting your users.

In terms of IE version, all are vulnerable, so you can guess that it is more specific to the OS than the IE version.

Of course, if your users are not running their machines with administrator rights, you’re in much better shape.

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: