Microsoft have confirmed a new Internet Explorer security vulnerability which is affecting only pre-Windows Vista operating systems like Windows XP meaning that users running Windows 7, Windows Vista, Windows Server 2000 and Server 2008 R2 are not affected by the issue.
The vulnerability is not exploited currently according to Microsoft’s information and it is not likely that it will as a user on the target system needs to be convinced to press the F1 key in response to a pop up dialog box on a specifically prepared website.
The issue in question involves the use of VBScript and Windows Help files in Internet Explorer. Windows Help files are included in a long list of what we refer to as “unsafe file types”. These are file types that are designed to invoke automatic actions during normal use of the files. While they can be very valuable productivity tools, they can also be used by attackers to try and compromise a system. To help customers better understand unsafe file types, we have published a white paper on the topic which you can find by clicking this link.
There is currently no fix for affected operating systems but Microsoft confirmed that they continue investigating the issue. It is likely that a patch for the vulnerability will be provided shortly. As of now all users need to remember is to not press F1 when they are accessing websites.
Enjoyed the article?: Then sign-up for our free newsletter or RSS feed to kick off your day with the latest technology news and tips, or share the article with your friends and contacts on Facebook or Twitter.Related Articles:
Internet Explorer Vulnerability FixMicrosoft Confirms Internet Explorer Vulnerability [Security]
Microsoft Posts Advisory About New Internet Explorer Vulnerability
Microsoft Releases Internet Explorer 0-Day Vulnerability Fix-It
Internet Explorer Vulnerability And Temporary Fix