USI Safe Computing

Don’t press F1 for Help, Microsoft says:

Mar 3rd

Selected from a March 1, 2010 ComputerWorld Security article:

Microsoft told Windows XP users today not to press the F1 key when prompted by a Web site, as part of its reaction to an unpatched vulnerability that hackers could exploit to hijack PCs running Internet Explorer (IE).

In a security advisory issued late Monday, Microsoft confirmed, “The vulnerability exists in the way that VBScript interacts with Windows Help files when using Internet Explorer. If a malicious Web site displayed a specially crafted dialog box and a user pressed the F1 key, arbitrary code could be executed in the security context of the currently logged-on user.”

Attackers could exploit it by feeding users malicious code disguised as a Windows help file — such files have a “.hlp” extension — then convincing them to press the F1 key when a pop-up appeared. Windows 2000, Windows XP and Windows Server 2003 are impacted by the bug, said Microsoft, and any supported versions of Internet Explorer (IE) on those operating systems — including IE6 on Windows XP — could be leveraged by attackers. Until a patch is ready, users can protect themselves by not pressing the F1 key if a Web site tells them to, said Microsoft.

Microsoft has not set a timeline for a fix, saying only that, “Microsoft will take the appropriate action to help protect our customers.” The next scheduled security patch date for the company is March 9.

Microsoft noted that hackers exploiting the VBScript flaw using Windows Help and Internet Explorer could grab complete control of a Windows system.

Welcome to the Safe Computing Blog

Feb 26th

The USI Safe Computing blog is intended to be a window into the world of security updates, good practices, useful software, and helpful tips for the USI community in an effort to make us all safer users of technology. Subscribe to this blog or bookmark it and return to it on a regular basis. While most of the information posted here will be timely announcements of security vulnerabilities, software updates, and potential security threats, we also plan to publish articles and tutorials that will help you understand how to be safer while using your computer, to be better informed about safe computing practices and terminology, and to be knowledgeable about the threats that technology and the Internet have introduced into our lives.

Because this is a blog, we encourage you to participate by leaving comments and questions. If there is something you want to know, feel free to ask us and we will do our best to provide information that informs not only you but the wider USI community.