When a user is online with Internet Explorer, they have to press the F1 function key when a pop-up is displayed. Not that users commonly use this key in IE, but some may do so when invited to by malware masquerading as a help file.

Microsoft is not being very specific, probably because they don’t have a patch yet.

According to the firm that discovered the vulnerability, “It is possible to invoke winhlp32.exe from Internet Explorer 8,7,6 using VBScript.”

The newer Microsoft OSes are not affected by this “feature,” but if you are using Microsoft Windows 2000, Windows XP, and Windows Server 2003, it’s worthwhile alerting your users.

In terms of IE version, all are vulnerable, so you can guess that it is more specific to the OS than the IE version.

Of course, if your users are not running their machines with administrator rights, you’re in much better shape.