Wednesday, March 3rd 2010

Do Not Press F1 If Requested To Do So By A Website.

Microsoft is investigating a vulnerability in VBscript that occurs when a user presses "F1". The vulnerability makes use of an interaction between VBscript and the help files of Internet Explorer. Once "F1" is pressed malicious code can be executed in the security context of the logged in user. This security issue only applies to users of Windows 2000, Windows 2003 Server, and Windows XP; Windows Vista and Windows 7 users are not affected. There is no word yet from Microsoft on what would occur if malicious code was executed using the vulnerability.Source: Microsoft TechNet
Add your own comment

51 Comments on Do Not Press F1 If Requested To Do So By A Website.

#1
TIGR
Ooh, this could get a lot of people.

Glad I switched to Firefox (not saying it's bulletproof either!).
Posted on Reply
#2
human_error
PRESS F1 NOW TO POST A REPLY TO THIS TOPIC.

sorry, couldn't resist :p
Posted on Reply
#3
newtekie1
Semi-Retired Folder
I find it odd that after reading the thread title, it was very hard to not instantly press "F1"...
Posted on Reply
#4
Reefer86
by: newtekie1
I find it odd that after reading that, it was very hard to not instantly press "F1"...
#lol
Posted on Reply
#5
mlee49
Another reason to not use IE. :)
Posted on Reply
#6
pantherx12
Posted to my facebook were its most likely to come in handy ( lots of stupid friends!)
Posted on Reply
#7
DrPepper
The Doctor is in the house
Win vista and 7 aren't affected anyway which is what most of us use anyway :p
Posted on Reply
#8
BazookaJoe
by: DrPepper
Win vista and 7 aren't affected anyway which is what most of us use anyway :p
Sorry mate, WinXP still accounts for almost 80% of systems running a Microsoft OS on earth.

Vista and 7 are still a distinct minority, when compared.
Posted on Reply
#9
newtekie1
Semi-Retired Folder
by: BazookaJoe
Sorry mate, WinXP still accounts for almost 80% of systems running a Microsoft OS on earth.

Vista and 7 are still a distinct minority, when compared.
Not exactly 80%, more like 60%. While Win7/Vista accounts for about 30% right now.

But I think he was refering to us here at TPU, the enthusiasts. Most of us are using Win7/Vista now.
Posted on Reply
#10
DrPepper
The Doctor is in the house
by: BazookaJoe
Sorry mate, WinXP still accounts for almost 80% of systems running a Microsoft OS on earth.

Vista and 7 are still a distinct minority, when compared.
Referring to techpowerup users. Everyone outside of tpu are called "they"
Posted on Reply
#11
OneCool
SWEET!!!

I did it and it opened a new tab in Firefox :toast:
Posted on Reply
#12
AphexDreamer
Not going to lie, I hit F1 and got a new TAB in Chrome. IE should be banned, surprised Australia hasn't banned it yet.
Posted on Reply
#13
Black Panther
Senior Moderatorâ„¢
by: pantherx12
Posted to my facebook were its most likely to come in handy ( lots of stupid friends!)
Thanks for the idea, done that myself now as well, for the sake of the rest of my family in Canada! :)
Posted on Reply
#14
AsRock
TPU addict
by: DrPepper
Referring to techpowerup users. Everyone outside of tpu are called "they"
"they" some reason i found it funny..

Is it not more likely that people will press like telling a kid not to do some thing..
Posted on Reply
#16
mtosev
another critical bug unpatched:

Unpatched critical flaws
On September 8, 2009, Microsoft skipped patching two of the five security flaws that were addressed in the monthly security update, saying that patching one of the critical security flaws was "infeasible".[95] According to the Microsoft Security Bulletin MS09-048, "The architecture to properly support TCP/IP protection does not exist on Microsoft Windows 2000 systems, making it infeasible to build the fix for Microsoft Windows 2000 Service Pack 4 to eliminate the vulnerability. To do so would require re-architecting a very significant amount of the Microsoft Windows 2000 Service Pack 4 operating system, [...] there would be no assurance that applications designed to run on Microsoft Windows 2000 Service Pack 4 would continue to operate on the updated system."
Posted on Reply
#17
t77snapshot
by: mlee49
Another reason to not use IE. :)
Exactly;) I wish IE would die, but that will never happen.
Posted on Reply
#18
audiotranceable
by: human_error
PRESS F1 NOW TO POST A REPLY TO THIS TOPIC.

sorry, couldn't resist :p
Oh knowz. Oh wait I'm on firefox:rockout:
Posted on Reply
#19
Steevo
There have always been issues with help and the places it will take you. The only partial fix I have known of is to use user rights in a domain to prevent issues.
Posted on Reply
#20
newtekie1
Semi-Retired Folder
by: mtosev
another critical bug unpatched:

Unpatched critical flaws
On September 8, 2009, Microsoft skipped patching two of the five security flaws that were addressed in the monthly security update, saying that patching one of the critical security flaws was "infeasible".[95] According to the Microsoft Security Bulletin MS09-048, "The architecture to properly support TCP/IP protection does not exist on Microsoft Windows 2000 systems, making it infeasible to build the fix for Microsoft Windows 2000 Service Pack 4 to eliminate the vulnerability. To do so would require re-architecting a very significant amount of the Microsoft Windows 2000 Service Pack 4 operating system, [...] there would be no assurance that applications designed to run on Microsoft Windows 2000 Service Pack 4 would continue to operate on the updated system."
It's Windows 2000, who the f*ck cares?
Posted on Reply
#21
mtosev
i seen ppl still using win 2k.
Posted on Reply
#22
newtekie1
Semi-Retired Folder
by: mtosev
i seen ppl still using win 2k.
People still using 2000 is more of a crime than Microsoft not patching the security flaw...

It is 10 years old at this point, anyone still running 2000 should consider themselves lucky they are even still getting security patches.
Posted on Reply
#23
Delta6326
by: newtekie1
People still using 2000 is more of a crime than Microsoft not patching the security flaw...

It is 10 years old at this point, anyone still running 2000 should consider themselves lucky they are even still getting security patches.
and should be lucky there computer even turns on. i could never see a computer lasting that long they just break to easily
Posted on Reply
#24
Tartaros
and should be lucky there computer even turns on. i could never see a computer lasting that long they just break to easily
My first computer still works flawlessy. And I still use it to play those games that are troublesome to play in an os newer than win98.

Being old doesn't mean it won't work.
Posted on Reply
#25
department76
i use F1 all the time; thank you matlab and thank you mathcad.

why you would need or want to ever use F1 in IE is beyond me, let alone why you would press it after a website told you to. especially considering the types of sites that would be asking this...
Posted on Reply
Add your own comment