Are you using Internet Explorer 7 or 8? Beware: you may be at risk from a recently discovered vulnerability revealed by iSEC Security Research.
“Microsoft is investigating new public claims of a vulnerability involving the use of VBScript and Windows Help files within Internet Explorer,” says Jerry Bryant, senior manager with the Microsoft Security Response Center. So far, “the current state of our investigations shows that Windows Vista, Windows 7, Windows Server 2008, and Windows Server 2008 R2, are not affected.” In addition, Bryant notes that Microsoft hasn’t seen any attacks stemming from this vulnerability yet.
The Microsoft Security Response Center blog reminds us that “only Windows 2000 and Windows XP are impacted” and “Windows 2003 Server is also impacted, but the issue is mitigated in the default configuration due to the presence of the Internet Explorer Enhanced Security Configuration.”
A security advisory issued by Microsoft earlier today tells us, “the main impact of the vulnerability is remote code execution.” Basically, the F1 key (which activates Windows Help) could be used to execute malicious code that may pass along the user’s sensitive information. Microsoft is currently working on a security patch to fix this flaw, so in the meantime, don’t hit that F1 key! You could also protect yourself by locking down the Windows Help system. Further instructions can be found in the MSRC blog post.
If you’re ready to drop IE, like Google did yesterday, you could always entertain the idea of switching to Firefox or Chrome…