Microsoft have found a vulnerability in Internet Explorer security that’s affecting all operating systems that were released prior to Windows Vista such as Windows 2000, 2003, XP, etc. However, the post Windows Vista versions such as Windows Vista, Windows 7, Server 2000 and Server 2008 R2 are not affected by this IE vulnerability.
According to Microsoft, the vulnerability is not exploited and it is not likely that it will as a user on the target system needs to be convinced to press the F1 key in response to a pop up dialog box on a specifically prepared website.
The issue in question involves the use of VBScript and Windows Help files in Internet Explorer. Windows Help files are included in a long list of what we refer to as “unsafe file types”. These are file types that are designed to invoke automatic actions during normal use of the files. While they can be very valuable productivity tools, they can also be used by attackers to try and compromise a system. To help customers better understand unsafe file types, we have published a white paper on the topic which you can find by clicking this link.
Microsoft is yet to release a patch to fix the issue and heal the affected computers, but they have just said that they will be continue investigating the issue. We advise our readers not to press F1 key even if a website asks you to do so, specially if you are using Internet Explorer. Hope to see the vulnerability patch releasing shortly.