Microsoft confirms the 'F1' key as potentially deadly

Look at it up there, in the top left corner, just above your middle finger, all innocuous-looking... just gagging to be depressed... you could just give F1 a little tickle, no one would know... STOP! Don't do it! At least, not if you're on Windows 2000, XP or Server 2003. A few days ago a warning appeared on Microsoft's Security Response Center, in it they detailed an attack involving pop-up boxes and the F1 key. There's now a full Security Advisory on the issue, and if you're running one of the affected operating systems you should read it.

In essence: if you hit F1 in response to a pop-up dialog, an attacker could execute arbitrary code (i.e. hack you). All it takes is some cleverly-crafted VBScript -- but Microsoft says it's not aware of any such attacks currently in the wild.

The good news is, it only affects you if you're using Internet Explorer -- the bad news is, it probably won't be patched for some time, so some old business machines will no doubt get compromised before a fix is in place. I wonder if the new browser ballot thing warns users about unpatched security holes before they choose a browser to install...

Tags: exploit, f1, IE, internet exlporer, InternetExlporer, microsoft, pop-up, security, vbscript, web