In yet another instance of Internet Explorer being manipulated by hackers to conduct cyber mischief, Microsoft Corporation has now released a security advisory, under which users running Microsoft Windows XP operating system have been advised to refrain from hitting the F1 key, when prompted by a web site to do so. As per the company, doing so could lead to a hacker taking control of the user’s computer, due to a yet unpatched vulnerability in the Internet Explorer (IE).

The flaw was discovered by Maurycy Prodeus, a Polish researcher wherein the bug has been located in the VBScript of IE, and thus Microsoft has now been compelled to issue an advisory and preventive measures as well. The bug that Mr. Prodeus discovered last week enables a hacker to deliver malicious files to a user in the form of a Windows Help file or .hlp file, where the user is required to hit the F1 key when prompted. The bug has been found to widespread across all Internet Explorer versions, i.e. I.E 6, 7 & 8 and affects system running Microsoft Windows 2000, Windows XP and Windows Server 2003 editions.

As far as the patch for this vulnerability is concerned, Microsoft has advised the users not to hit the F1 key till the problem is resolved. Also, the company in its advisory has given command prompt parameters, via which the users can block the Windows Help system, thereby eliminating the chance of the pop up occurrence.

According to Microsoft,

“The vulnerability exists in the way that VBScript interacts with Windows Help files when using Internet Explorer. If a malicious Web site displayed a specially crafted dialog box and a user pressed the F1 key, arbitrary code could be executed in the security context of the currently logged-on user. As an interim workaround, users are advised to avoid pressing F1 on dialogs presented from Web pages or other Internet content. The prompt can appear repeatedly when dismissed, nagging the user to press the F1 key. Microsoft will take the appropriate action to help protect our customers.”

Via Computer World