English Deutsch Español Français Italiano Portuguese Čeština Ελληνικά 中文(简体) 中文 (繁體) Tiếng Việt 日本語 ภาษาไทย Русский Български Nederlands Polski Svenska Norsk Dansk Suomi

McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams

Compatible with Windows 7

Works with Windows Vista

SPAMfighter is

Microsoft Gold Certified Partner

Microsoft - Pressing F1 on Keyboard Potentially Dangerous

According to Microsoft, an un-patched security flaw in Internet Explorer causes potential risk if the F1 key is pressed when the user running previous Windows versions, as reported by TheRegister on March 3, 2010.

The Microsoft security team is conducting an investigation into the problem. It will issue the advisory post investigation.

An advisory, which Microsoft Security Research & Defense posted on March 1, 2010, reveals that the vulnerability allows a specially crafted website to reach Windows Help files via IE with the help of VBScript. When the attack occurs, a pop-up emerges. This message prompts the user to press F1 which is necessary for the attack's completion.

The US-CERT states that a web-page, a file attachment in e-mail, or an e-mail based on HTML can trigger the attack provided the file is displayed through IE. Often the browser is used for delivering HTML for other software despite the invisibility of the normal IE window. Although Windows Server 2003 is affected with the flaw, the default setting of IE lessens the threat. However, the flaw doesn't affect Windows 7, Vista and 2008.

A proof-of-concept has been released. Nevertheless, Microsoft said - neither an attack has been reported which exploits the flaw, nor any customer has been impacted till date.

Meanwhile, the Redmond-based company criticized security experts because they seemingly didn't approach it with the problem. The criticism was posted on the March 1, 2010 advisory.

It is said that Microsoft was disturbed that the new flaw wasn't responsibly revealed, leaving computer users in danger. In fact, the company kept on supporting that security professionals needed to responsibly reveal flaws. The Company believed that reporting flaws straight to a security company was beneficial to everyone. The practice assisted in making sure that customers got high-quality and comprehensive security updates regarding software flaws during the process of the update's preparation, the advisory concluded.

Although Microsoft hasn't specified the time when it'll issue a patch, the likely period is April or May when an IE update will be released.

» SPAMfighter News - 08-03-2010

Bookmark and Share
Twitter Facebook RSS

SPAMfighter box shot

SPAMfighter is a free spam filter for Outlook, Outlook Express,Windows Mail and Thunderbird

Optimize Slow PC

Optimize your Slow PC for better performance. Try FREE scan now

Exchange spam filter

SPAMfighter Exchange Module is a Spam filter for Exchange server - Free 30 days trial

 

Spyware remover

Remove Spyware with SPYWAREfighter - Free 30 days trial


anti virus

Antivirus software for your Windows PC - Free 30 days trial

<<<>>>