Microsoft has reacted quickly to a new vulnerability in Internet Explorer which could allow remote code execution.
Jerry Bryant, senior security communications manager at Microsoft, said in a blog post yesterday that the issue, which was posted at the end of last week, had no obvious exploits but could pose some problems.
"An issue was posted publicly that could allow an attacker to host a maliciously crafted web page and run arbitrary code if they could convince a user to visit the web page and then get them to press the F1 key in response to a pop-up dialogue box," he said.
"We are not aware of any attacks seeking to exploit this issue at this time, and in the current state of our investigation we have determined that users running Windows 7, Windows Server 2008 R2, Windows Server 2008 and Windows Vista are not affected."
The issue concerns Windows Help files and VBScript, file types designed to invoke automatic actions during normal use.
"While they can be very valuable productivity tools, they can also be used by attackers to try and compromise a system," said Bryant.
Microsoft urged users to ensure that their security software is up to date and that they have a firewall in place.
.png&h=140&w=231&c=1&s=0)
.png&w=100&c=1&s=0)
iTnews Benchmark Security Awards 2025
Digital Leadership Day Federal
Government Cyber Security Showcase Federal
Government Innovation Showcase Federal
Digital NSW 2025 Showcase
_(1).jpg&h=140&w=231&c=1&s=0)
