Microsoft Releases Security Advisory to Address VBScript Vulnerability

Microsoft has released a security advisory to address a vulnerability in VBScript. The advisory indicates that this vulnerability exists in the way that VBScript interacts with Windows Help files when using Internet Explorer. By convincing a user to view a specially crafted HTML document (web page, HTML email, or email attachment) with Internet Explorer and to press the F1 key, an attacker could run arbitrary code with the privileges of the user running the application.

US-CERT encourages users and administrators to do the following to help mitigate the risks:

Review Microsoft Security Advisory 981169.
Review the Microsoft Security Research & Defense blog entry regarding this issue.
Review US-CERT Vulnerability Note VU#612021.
Refrain from pressing the F1 key when prompted by a website.
Restrict access to the Windows Help System.

US-CERT will provide additional information as it becomes available.

This product is provided subject to this Notification and this Privacy & Use policy.

Please share your thoughts

We recently updated our anonymous product survey; we’d welcome your feedback.

Microsoft Releases Security Advisory to Address VBScript Vulnerability

Please share your thoughts

CISA Releases Four Industrial Control Systems Advisories

Joint Guidance on Deploying AI Systems Securely

Citrix Releases Security Updates for XenServer and Citrix Hypervisor

CISA Adds One Known Exploited Vulnerability to Catalog

Microsoft Releases Security Advisory to Address VBScript Vulnerability

Please share your thoughts

Related Advisories

CISA Releases Four Industrial Control Systems Advisories

Joint Guidance on Deploying AI Systems Securely

Citrix Releases Security Updates for XenServer and Citrix Hypervisor

CISA Adds One Known Exploited Vulnerability to Catalog