If you are a Windows XP user and using Internet Explorer 8 than you may not want to press F1 to call for Help while browsing any website.

Microsoft told Windows XP users not to press the F1 key when prompted by a Web site, as part of its reaction to an unpatched vulnerability that hackers could exploit to hijack PCs running Internet Explorer (IE).


In a security advisory issued late Monday, Microsoft confirmed the unpatched bug in VBScript that Polish researcher Maurycy Prodeus had revealed Friday, offered more information on the flaw and provided some advice on how to protect PCs until a patch shipped.

ďThe vulnerability exists in the way that VBScript interacts with Windows Help files when using Internet Explorer,Ē read the advisory. ďIf a malicious Web site displayed a specially crafted dialog box and a user pressed the F1 key, arbitrary code could be executed in the security context of the currently logged-on user.Ē

As an interim workaround, users are advised to avoid pressing F1 on dialogs presented from Web pages or other Internet content,Ē said David Ross with the Microsoft Security Response Center (MSRC) engineering staff.