From Computer World Security, it looks like there may be a new vulnerability that will impact Windows XP users. The security advisory was posted late last night, and states that users of Windows XP and Internet Explorer (IE8, IE7, and IE6 are all vulnerable) should hold off from pressing their F1 keys on their keyboard until a patch is sent out.
“As an interim workaround, users are advised to avoid pressing F1 on dialogs presented from Web pages or other Internet content…” – David Ross MSRC
The vulnerability appears to be that of allowing VBScript to interact with Windows Help files and IE, with the potential of a malicious script taking over total access of the infected machine. A patch is expected to be released on their next official patch date of March 9th. Windows Vista, Windows Server 2008, Windows 7 or Windows Server 2008 R2 are not vulnerable to this type of attack.
“If a malicious Web site displayed a specially crafted dialog box and a user pressed the F1 key, arbitrary code could be executed in the security context of the currently logged-on user.” – Microsoft Security Advisory
So to be safe while surfing the web, you may want to hold off on pressing F1 completely, or download another browser for a safer, and richer internet experience.
Mozilla Firefox – http://getfirefox.com
Google Chrome - http://www.google.com/chrome