The Inquirer-Home

Microsoft updates on an IE vulnerability

Tape over your F1 key
Tue Mar 02 2010, 12:10

SOFTWARE HOUSE Microsoft has updated users of its Internet Explorer browser concerned about its latest vulnerability, and the advice is remarkably simple.

Yesterday in a security note the firm explained, "With this issue, it is possible for a malicious web page to display a dialog box which will trigger the execution of arbitrary code when the user presses the F1 key. The prompt can appear repeatedly when dismissed, nagging the user to press the F1 key. Platforms are affected regardless of the Internet Explorer version installed."

It added, "Though user interaction is required the F1 keyboard shortcut does enable an attack scenario. In the exploit, a file path enables a .HLP file to be loaded from the local filesystem, SMB, or WebDav."

According to the firm the problem relates to Windows 2000 and Windows XP by default, and to a lesser extent, Windows 2003 Server. It added that its internal investigations revealed that Windows 7, Windows Server 2008, and Windows Vista were not affected. Regardless of this, it appears that if there is a risk to systems it is users that cannot stop themselves from pressing a button.

Microsoft's workaround for the issue is uninspiring. It says, "As an interim workaround, users are advised to avoid pressing F1 on dialogs presented from web pages or other Internet content. If a dialog box appears repeatedly in an attempt to convince the user to press F1, users may log off the system or use Task Manager to kill the Internet Explorer process." So, no matter how hard they force you, and how tempting the prompt message is, just DO NOT PRESS THE F1 button. Oh, unless you actually need to.

There are other solutions, which are a bit more involved. For example, users can set IE to show them a prompt before running any "ActiveX" controls or scripting, and Microsoft added that this would not affect general browsing.

In the meantime, do not press the F1 button. µ


Comments
Pls revive OS/2

By the look of it, OS/2 will have a chance of getting a good market share this time, if someone would revive it (& if they tag it with a correct price tag this time). Of coz, unless, IBM is (still too) scared of M$...

posted by : aNewbie, 03 March 2010
@Bas: M$ went own daffy way after breaking with IBM.

Please don't sully OS/2 by that wrong association.

NT has surprisingly little in common with OS/2, as little as M$ could manage, seem to have run away from all the good ideas that Bill once rightly touted as the future of computing. They gave up at the least HPFS and real desktop objects, instead using FAT and mere shortcuts.

posted by : bigger_luddite, 03 March 2010
Better tell a Frontpage MVP...

Sig contains...

"Warning - Using the F1 Key will not break anything!"

posted by : HELP, 02 March 2010
DO NOT PRESS THIS BUTTON!

Ya, that always works...

posted by : Press F1 to continue..., 02 March 2010
Common problem...

Microsoft should be forced to openSauce their code!
It has become too complex for a few teenagers to code and be safe.
OS/2 was good, but ever since M$ renamed it NT/2000/XP/VISTA/W7 and so on it went downhill.
The problem is too few teenagers and too many lines of code...as well as immature brains not able to see problems upfront...

Hahahaha....they are all as stupid as Bill always was...read his books and you know LOL

posted by : Bas, 02 March 2010
Common theme with Windows security...

...If a component is insecure = Just turn it off or disable it.

What of fix? A patch? That depends if MS finds if it's actually worth fixing. (ie: Critical issue or not?)...If not, it could drag on for more than six months until a third-party security researcher threatens to release concept-exploit code!...Then it's a rush update!

There's much cruft code in Windows from many years ago. MS needs to start a clean slate to really clean Windows's closet. That's the only way to improve this situation.

posted by : aussiebear, 02 March 2010
"Dog bites man" story:

to turn off yet another of M$'s "features" because poorly designed and ineptly implemented. Good riddance to Active Scripting and Active-X.

posted by : bigger_luddite, 02 March 2010