Monday, March 08, 2010

Security Issue With Microsoft Help Function

A security flaw has been discovered in the Windows Help system.  Generally, if you hit the F1 key in Windows, you will get a help screen relevant to the function you were using when you hit the key.  A programming flaw can allow this function to run a script file that can do harm to the workstation.

A potential exploit of this flaw can be made by creating a rogue page on a website.  While browsing the site, the visitor can be prompted to hit the F1 key while on the web page.  This in turn can trigger the malware.  What happens next depends on how the malware is designed.

Microsoft is working on a fix to this flaw.  In the meantime, users should be warned not to hit the F1 key on any websites.  Generally speaking, it is unusual to have to hit the F1 key for any purpose on a website.  Windows 7, Vista, Server 2008 and Server 2008 R2 are not affected.