F1 key can be exploited to download malware

AlphaCentauri · **Joined:** Thu Mar 01, 2007 3:01 am **Posts:** 5915

http://www.microsoft.com/technet/securi ... 81169.mspx
via
http://www.krebsonsecurity.com/2010/03/ ... tion-keys/

If you get a pop up that tells you to hit the F1 key, don't do it, at least not if you're running Windows. It can be exploited to download malware.

Microsoft is peeved that the vulnerability was announced publicly instead of being reported to them privately. There has been controversy lately because some hackers are fed up with seeming lack of action on the security holes they find and report. They feel that they are doing the work the software companies should be doing for themselves. They also complain that when they do find vulnerabilities, so much time elapses after they report them that criminals have already found them and created exploits before the legitimate users are given any warning of the risk.

spamislame · **Joined:** Tue May 09, 2006 9:18 am **Posts:** 5022

Honestly what does this tell us about Windows? :roll:

That an entire OS is this vulnerable is just ridiculous. It was vulnerable to begin with, then third-party software was not securely written (notably that of Adobe), but now this. Honestly.

I'm sure OSX and Unix have some similar weirdnesses to them but their security foundation is so much more robust.

I have to use Windows for the majority of what I do on a daily basis due to job requirements and office policies. I wonder what it will take to get corporate IT to stand up and say "Okay that's it. That's the last straw."

SiL

Moike · **Joined:** Thu Aug 14, 2008 3:48 pm **Posts:** 79

spamislame wrote:

Honestly what does this tell us about Windows? :roll:

That an entire OS is this vulnerable is just ridiculous. It was vulnerable to begin with, then third-party software was not securely written (notably that of Adobe), but now this. Honestly.

I'm sure OSX and Unix have some similar weirdnesses to them but their security foundation is so much more robust.

I have to use Windows for the majority of what I do on a daily basis due to job requirements and office policies.

Do you think the Adobe heap of junk software is any more secure on Linux?

When was the last time you got Windows malware on your machine? It is now much more about application vulnerabilities (Adobe) and social engineering than exploiting holes in the OS.

spamislame · **Joined:** Tue May 09, 2006 9:18 am **Posts:** 5022

I have a hard time calling Photoshop "A heap of junk."

I actually can say with a clean conscience that I love that software. (I've been using it since v.2.0)

But I do agree with your point.

Why, by the way, does a PDF file require JavaScript to be enabled by default?

Adobe makes, I think, good software, but they appear to have had a hard time dotting their i's and crossing their t's from a security standpoint.

SiL

ahoier · **Posted:** Thu Mar 04, 2010 9:04 pm

Not really related....but some times people are beyond help :P Apparantly Windows blocked some "Secure Tool" fake antivirus download on my mother's computer, and she blindly "Accepted" / Allowed it, when Windows Defender blocked it.

My stepdad handed her Kaspersky (the price tag said 70$!) and I told him to return that crap lol. No antivirus can save you if you "allow" what was blocked :)

On a side-note, damn I can't even recall the last time I used "F1" for help lol. I wonder if there's a way to "hotkey" it to open Google.com....? :) Since..well, when/if I do have a problem, I tend to just go ask Google (jeeves died a horrible death years ago, or he usually had the answer too LOL)

InBoxRevenge KS Forum

F1 key can be exploited to download malware

Who is online