Earlier this week, a number of news items and blot posts appeared regarding a potential security issue for computers using Windows XP, Windows 2000, or Windows Server 2003. As a lot of our users still use some of these older operating systems (myself included), I wanted to help provide you with some background on the exploit. It may be that some of you saw the headline or heard it second hand and thought "Great! Now help is dangerous!" I'm here to tell you that Help isn't dangerous and that some simple attention and caution can help you avoid this issue.
The exploit is considered to be "zero-day"; which is to say that it was first discovered outside of security research and implemented in a potentially malicous manner. This exploit involves the way which Internet Explorer executes certain VB Script within these operating system. Microsoft reports that Windows 7, Windows Server 2008 R2, Windows Vista, nor Windows Server 2008 are not affected by this issue.
This exploit appears to function only when the F1 key is pressed while visiting web sites containing the malicous code. The vector for inefection is through the help calls in IE. Therefore, you can avoid the threat by simply not pressing the F1 key when prompted by a web site loaded in Internet Explorer. Further, you are advised to keep your software up to date, install and use up-to-date antivirus & antispyware software, and use a firewall. I would also recommend that you simply be mindful of sites you browse to. Ignore any IE dialog boxes which request you to press F1 and promptly leave that site.
Users of the the affected operating systems are not exposed to this threat while using Bentley desktop software (which often allow you to press the F1 key to get help related to your current task). Further, using the help window in these operating systems is in no way affected. So don't be scared to read the help file!
Additional Recommended resources: