Microsoft warns Windows XP users not to press the F1 key when prompted by a Website, as part of its reaction to an unpatched vulnerability that hackers could exploit to hijack PCs running Internet Explorer (IE).
The vulnerability exists in the way that VBScript interacts with Windows Help files when using Internet Explorer. If a malicious Website displayed a specially crafted dialog box and a user pressed the F1 key, arbitrary code could be executed in the security context of the currently logged-on user.
Microsoft says Windows 2000, Windows XP and Windows Server 2003 are impacted by the bug, and that any supported version of Internet Explorer on those operating systems -- including IE6 on Windows XP -- could be leveraged by attackers. Users running IE7 and IE8 are at risk, but not those running IE6.
Users are advised to avoid pressing F1 on dialogs presented from Web pages or other Internet content, even if their Windows system is up to date with all security patches. The prompt can appear repeatedly when dismissed, nagging the user to press the F1 key. Don't be fooled!