Microsoft Warns: Don't Hit F1 in Windows XP

[Computer Hope Admin]

Microsoft told Windows XP users today not to press the F1 key when prompted by a Web site, as part of its reaction to an unpatched vulnerability that hackers could exploit to hijack PCs running Internet Explorer (IE).

In a security advisory issued late Monday, Microsoft confirmed the unpatched bug in VBScript that Polish researcher Maurycy Prodeus had revealed Friday, offered more information on the flaw and provided some advice on how to protect PCs until a patch shipped.

Link

[Geek-9pm]

WOW!
That bug has been around a long time. This is the first time it has become public. But making it public is the only workaround still they fix it. Users have to know there is a danger and have to be told what NOT to do.

Yet Microsoft goes on to criticize the bearer of bad news:

The company took Prodeus to task for taking the bug public, something it regularly does when researchers disclose a vulnerability or post sample attack code before a patch is available.

(From the link given above.)

This, IMO, does more harm to the MS PR and serves no purpose.

[BC_Programmer]

I was ONLY able to get this bug to work with XP and IE 6.

XP and IE 7 and 8 were unaffected, and Windows 2000 and IE 5 crashed, and Windows 2000 and IE 6 did nothing at all.

If you think about it, it's 100% an oversight on the part of the VBScript design team.

the MsgBox() Function with the helpfile and helpcontext arguments is from Full blown Visual Basic for Applications- Applications that, in all likelyhood, will have helpfiles.

the two arguments should have been stripped out when the language was first designed. And if they were added after... well, that's even worse.

[Geek-9pm]

If you think about it, it's 100% an oversight on the part of the VBScript design team.

May I respectfully disagree. It was more like a 200% oversight.