CERT mailing list archives
Current Activity - Microsoft Releases Security Advisory to Address VBScript Vulnerability
From: Current Activity <us-cert () us-cert gov>
Date: Tue, 2 Mar 2010 08:57:10 -0500
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 US-CERT Current Activity Microsoft Releases Security Advisory to Address VBScript Vulnerability Original release date: March 2, 2010 at 8:36 am Last revised: March 2, 2010 at 8:36 am Microsoft has released a security advisory to address a vulnerability in VBScript. The advisory indicates that this vulnerability exists in the way that VBScript interacts with Windows Help files when using Internet Explorer. By convincing a user to view a specially crafted HTML document (web page, HTML email, or email attachment) with Internet Explorer and to press the F1 key, an attacker could run arbitrary code with the privileges of the user running the application. US-CERT encourages users and administrators to do the following to help mitigate the risks: * Review Microsoft Security Advisory 981169. * Review the Microsoft Security Research & Defense blog entry regarding this issue. * Review US-CERT Vulnerability Note VU#612021. * Refrain from pressing the F1 key when prompted by a website. * Restrict access to the Windows Help System. US-CERT will provide additional information as it becomes available. Relevant Url(s): <http://blogs.technet.com/srd/archive/2010/03/01/help-keypress-vulnerability-in-vbscript-enabling-remote-code-execution.aspx> <http://www.microsoft.com/technet/security/advisory/981169.mspx> <http://www.kb.cert.org/vuls/id/612021> ==== This entry is available at http://www.us-cert.gov/current/index.html#microsoft_releases_security_advisory_to2 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iQEVAwUBS40ZKy/E9ke+6HGsAQI3sggAhqe0sVsLXz3IWZOVJFwKLve6brI9ABzf 5ihRU1NaMBjOpbm8RCN2nPahWe0ruhMnE7MG4upkhgpg47SEdbZ65DNmay2T+Tpz mDnleHrl+V3gginjAP2qg+wzlLT1nyXCl4mASOWmUJqKoL7aLBZQSnYSaNwLYTvg D5fFVx4wTyFu+EbhGd1+6CHUKiAx4BbOqXmY7DgvMeDO3GvJsNhut8uxcZPKcRYT o48izircqHWc9d3kOM2S6k2PconSdM3AP+plPTvrXE2Y0wGqDilafCNCzf/Y5e9M hjeOtNP5M5ErgWr5tbxhkraK49XfVGtA3SxLkCDcFtlyc6YAN4rhuw== =UfqV -----END PGP SIGNATURE-----
Current thread:
- Current Activity - Microsoft Releases Security Advisory to Address VBScript Vulnerability Current Activity (Mar 02)