Microsoft Security Advisory (981169) Vulnerability in VBScript Could Allow Remote Code Execution [sns.ias.edu #2981]

http://www.microsoft.com/technet/security/advisory/981169.mspx?pubDate=2...

"Microsoft is investigating new public reports of a vulnerability in
VBScript that is exposed on supported versions of Microsoft Windows
2000, Windows XP, and Windows Server 2003 through the use of Internet
Explorer. Our investigation has shown that the vulnerability cannot be
exploited on Windows 7, Windows Server 2008 R2, Windows Vista, or
Windows Server 2008. The main impact of the vulnerability is remote code
execution. We are not aware of attacks that try to use the reported
vulnerabilities or of customer impact at this time."

Workarounds:

* Do not press the F1 key when prompted by a Web site
* Restrict access to the Windows Help System
* Set Internet and Local intranet security zone settings to "High" to
block ActiveX Controls and Active Scripting in these zones
* Configure Internet Explorer to prompt before running Active Scripting
or to disable Active Scripting in the Internet and Local intranet
security zone

It is recommended that one or all of these workarounds be used until
Microsoft has issued a patch to fix the problem. For more information,
please see the link above.

Thanks,
Brian