« Instant Messaging | Main | Mac Safari Browser »

Tuesday, March 02, 2010

Internet Explorer F1 Key Flaw

If you use any of the last several versions of Internet Explorer you are advised to not press the F1 key if prompted by any web site. A flaw has been discovered that could open up your Windows machine (except Vista, way to go Bill!) to evil-doers. The Microsoft Security Advisory (981169) is here: http://www.microsoft.com/technet/security/advisory/981169.mspx

The quote from Microsoft below:

Successful exploitation of this vulnerability requires that users assist the exploit by pressing the F1 key on their keyboard. Our analysis shows that if users do not press the F1 key on their keyboard, the vulnerability cannot be exploited.

Consequently, malicious Web sites may attempt to persuade users into pressing the F1 key. Such a Web site could invoke an endless loop of dialog boxes that tell the user to press the F1 key to end the loop, or offer information such as pricing information or help to be revealed through the F1 key.

Users are advised to avoid pressing F1 presented by Web pages or other Internet content. If a dialog box appears repeatedly in an attempt to convince the user to press F1, users may log off the system or use Task Manager to terminate the Internet Explorer process.

Posted by Matthew Carrick at 1:37.10 PM EST | Permanent Link

| Categories: Best Practices, Internet Explorer, Security Alerts

Wednesday, December 17, 2008

IE Patched in Record Time

Microsoft has patched the critical flaw in its Internet Explorer browser in mere days. Good job! If you have Windows Automatic Update turned on you should already be patched depending on when you have set your PC to download and install the fix.

Windows Update View of Hotfix KB960714

With more and more people aware of the problem it was incumbent upon Bill to fix the problem before even more folks ditched IE for more secure browsers such as Opera or Firefox. Either you're part of the problem or part of the solution and although Microsoft was late in embracing the Internet it seems they are moving towards being less of a vector for malware, spyware, viruses, etc. Let's hope the upcoming IE 8 is an even better experience for the vast number of users who, for some reason, never get the itch to try other browsers.

Posted by Matthew Carrick at 6:24.42 PM EST | Permanent Link

| Categories: Internet Explorer, Security Alerts