"Don't press F1" key in Windows XP - Help key triggers vulnerability in VBScript enabling Remote Code Execution

Microsoft posted an interim workaround to mitigate the vulnerability involving the use of VBScript and Windows Help files. “Users are advised to avoid pressing F1 on dialogs presented from web pages or other Internet content. If a dialog box appears repeatedly in an attempt to convince the user to press F1, users may log off the system or use Task Manager to kill the Internet Explorer process.

It’s also possible to use the following command line to lock down the legacy Windows Help system, preventing it from loading:

    cacls "%windir%\winhlp32.exe" /E /P everyone:N

Command line to roll back this change:

    cacls "%windir%\winhlp32.exe" /E /R everyone

As this vulnerability is driven by scripting, the following workarounds apply as well (see screenshot). The Group Policy setting to “Turn off displaying the Internet Explorer Help Menu” under the Category Path “Computer Configuration\Administrative Template\Windows Components\Internet Explorer\” is not a sufficient mitigation for this issue.”
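To audit whether the cacls lockdown above is in place, the following added example (not from Microsoft or the original post) parses saved output of `cacls "%windir%\winhlp32.exe"` and looks for the Everyone:N entry. The sample listings and the C:\WINDOWS path are constructed, and the one `account:permission` entry per line layout is an assumption about the listing format.

```python
import re

# Constructed sample listings (not captured from a real host). The layout,
# path followed by one "account:permission" entry per line, is an assumption.
DEFAULT_PATH = r"C:\WINDOWS\winhlp32.exe"  # assumed expansion of %windir%

LOCKED = r"""C:\WINDOWS\winhlp32.exe Everyone:N
                        BUILTIN\Administrators:F
                        NT AUTHORITY\SYSTEM:F
"""
ROLLED_BACK = r"""C:\WINDOWS\winhlp32.exe BUILTIN\Users:R
                        BUILTIN\Administrators:F
                        NT AUTHORITY\SYSTEM:F
"""

# Optional inheritance flags such as (OI)(CI), then account, then one of
# cacls's permission letters: N(one), R(ead), W(rite), C(hange), F(ull).
ACE_RE = re.compile(r"^(?:\([A-Z]+\))*(?P<account>[^:]+):(?P<perm>[NRWCF])$")


def parse_aces(listing, path=DEFAULT_PATH):
    """Return [(account, permission), ...] from a saved cacls listing."""
    aces = []
    for line in listing.splitlines():
        line = line.strip()
        # The first line is prefixed with the file path, which itself
        # contains a colon (C:), so remove it before matching.
        if line.lower().startswith(path.lower()):
            line = line[len(path):].strip()
        match = ACE_RE.match(line)
        if match:
            aces.append((match.group("account"), match.group("perm")))
    return aces


def mitigation_state(listing, path=DEFAULT_PATH):
    """'locked' if Everyone:N is present, 'open' if not, 'unknown' if the
    listing has no entries at all (file missing, access denied, bad capture)."""
    aces = parse_aces(listing, path)
    if not aces:
        return "unknown"
    if any(a.lower() == "everyone" and p == "N" for a, p in aces):
        return "locked"
    return "open"


if __name__ == "__main__":
    for name, text in (("locked host", LOCKED), ("rolled-back host", ROLLED_BACK)):
        print(name, "->", mitigation_state(text))
```

An "unknown" result should be treated as a host that still needs checking, not as a locked-down one.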

[Source]