Wednesday, March 3rd 2010

Do Not Press F1 If Requested To Do So By A Website.

Microsoft is investigating a vulnerability in VBscript that occurs when a user presses "F1". The vulnerability makes use of an interaction between VBscript and the help files of Internet Explorer. Once "F1" is pressed malicious code can be executed in the security context of the logged in user. This security issue only applies to users of Windows 2000, Windows 2003 Server, and Windows XP; Windows Vista and Windows 7 users are not affected. There is no word yet from Microsoft on what would occur if malicious code was executed using the vulnerability.Source: Microsoft TechNet
Add your own comment

51 Comments on Do Not Press F1 If Requested To Do So By A Website.

#2
Steevo
Meh. 2000 was a retards XP. It wasn't mean to game on, it was ment for servers, workstations and not browsing myspace.

If a old PC gets infected as the user is stupid, using 2000, and is complaining about their 2000 caddy not having warranty still.....well. F em. I will gladly take their money to fix their old and broken.
Posted on Reply
#4
Mussels
Moderprator
... what version of IE? its not mentioned at all
Posted on Reply
#5
department76
Mussels said:
... what version of IE? its not mentioned at all
all of them? i'm guessing, since F1 is the universal help key the vulnerability has perhaps always been there.
Posted on Reply
#6
Steevo
Back in the windows 9X days you could bypass a users password with a simple print command and view all their files.

This exploit was carried forward into ME and XP to a degree. Help files are ran at user assistance level and possible upgraded privileges. UAC removed the means to access a users files.


You all must realize that the browser runs at equal rights with the user account in the majority of instances, so if you can browse to a file in a scripted window and open, copy, delete, or work with files, so can a remote user. All that is required is the initial authorization, by visiting the site you have already created the tunnel.
Posted on Reply
#7
Bjorn_Of_Iceland
So its a combination of the actual keypress and the help files right? No harm in manually clicking help > contents and index?
Posted on Reply
#9
TIGR
hayder.master said:
the IE exist to download FireFox
:toast: The first thing I do on a new install is open IE, go to mozilla.com, and download Firefox.
Posted on Reply
#10
Mussels
Moderprator
TIGR said:
:toast: The first thing I do on a new install is open IE, go to mozilla.com, and download Firefox.
traitor. i keep copies of firefox installers on my flash drives :D
Posted on Reply
#11
Steevo
I'm using IE and pressing F1.......now!
Posted on Reply
#12
[I.R.A]_FBi
Steevo said:
I'm using IE and pressing F1.......now!
Posted on Reply
#13
Meizuman
Pressed F1, opened Opera Help (from their site) in a new tab ;)
Posted on Reply
#14
Melvis
AphexDreamer said:
Not going to lie, I hit F1 and got a new TAB in Chrome. IE should be banned, surprised Australia hasn't banned it yet.
Give it time :laugh:

I use XP, but i never use IE (POS) Seamonkey all the way, so im all safe.

On the other hand i might tell my customers to press F1, that will increase work for me :D:laugh:
Posted on Reply
#15
VJC1945
Do Not Press F1

Does anybody know if this error also occurs during a system start? I get it every time I restart my system.
VJC1945
Posted on Reply
#16
oily_17
VJC1945 said:
Does anybody know if this error also occurs during a system start? I get it every time I restart my system.
VJC1945
If you are getting the "Press F1.." when you are booting your PC, then it probably means that some of your settings in the bios are stopping it from booting correctly.

You need to recheck your bios settings.
Posted on Reply
#17
VJC1945
Hello,
I appreciate your response. I just re-installed WINDOWS and no changes were made to the BIOS.
I wish it was that simple. I've been chasing this problem for over a month. I hoped that re-insalling
WINDOWS would solve the problem.
Posted on Reply
#18
WhiteLotus
VJC1945 said:
Hello,
I appreciate your response. I just re-installed WINDOWS and no changes were made to the BIOS.
I wish it was that simple. I've been chasing this problem for over a month. I hoped that re-insalling
WINDOWS would solve the problem.
Make a dedicated thread about it (most likely in the Hardware thread) and be sure to list your Hardware specs and exact details of your problem. Be easier to help you that way.
Posted on Reply
#19
computertechy
just like telling someone to "not look down"

+1 thx for the info.
Posted on Reply
#20
hat
Enthusiast
Steevo said:
I'm using IE and pressing F1.......now!
Posted on Reply
#21
VJC1945
WhiteLotus said:
Make a dedicated thread about it (most likely in the Hardware thread) and be sure to list your Hardware specs and exact details of your problem. Be easier to help you that way.
I wish I could. I've just joined this site. Screen states that I can not begin a new thread.
Posted on Reply
#22
VJC1945
Hello,
I wish I could. I just joined this site and I am not familiar with it's options.
Screen states that I can not start a new thread.
Posted on Reply
#23
JrRacinFan
Served 5k and counting ...
I can guarantee you this thread and the topic has nothing to do with what you are seeing.

So at post, what is the computer displaying on monitor? "CMOS Checksum error Press F1 to continue">? If you are getting that you will need to enter bios load optimized defaults, then F10 and save. That is just assuming that's the problem you are having.
Posted on Reply
#24
oily_17
Try what JrRacing said and also you should check your motherboard battery.

If the board is older the battery may have died, or could happen with a new board as well, and is not storing the bios settings each time you disconnect power from it.
Posted on Reply
#25
Mussels
Moderprator
VJC1945 said:
Hello,
I wish I could. I just joined this site and I am not familiar with it's options.
Screen states that I can not start a new thread.
you're likely trying to make it in the news section of the forum, where you dont have permissions. There is a general hardware section, make the thread there.
Posted on Reply
Add your own comment