Microsoft Warns of New Bug Affecting IE Users

Steer clear of the F1 key while surfing the Web, at least for a little while.

Microsoft warned Monday of a new vulnerability that affects Internet Explorer users, saying that it could be exploited by hackers to install malicious software on a victim's computer.

The flaw lies in the way Microsoft's VBScript works with Windows Help Files in Internet Explorer. But for an attack to work, the victim must press the computer's F1 key, Microsoft said. "Our analysis shows that if users do not press the F1 key on their keyboard, the vulnerability cannot be exploited."

This type of attack is considered harder to pull off because of this F1 key requirement, but Web-based attacks have emerged as a major source of malicious software over the past few years.

The bug was discovered by security researcher Maurycy Prodeus, who posted details of the attack on Friday.

It affects Windows 2000, Windows XP and Windows Server 2003.

Microsoft has not seen the flaw exploited in any online attacks to date, the company said Monday. Microsoft did not say whether it will fix the bug in its next set of security updates, due March 9, but it usually needs more than a couple of weeks to test and release new security patches.
