New VBScript IE Exploit May Plant Malware on Windows XP

Computer users running Windows XP and Internet Explorer version 7 or 8 were recently confirmed to be vulnerable to an exploit that could place malware on their system through an unpatched VBScript bug.

New attack code that allows hackers to inject malware onto a Windows XP machine running Internet Explorer 7 or 8 is currently being investigated by Microsoft. The vulnerability has been publicly described as involving Windows help files and VBScript within the Internet Explorer browser application. At the time of this discovery, Microsoft’s Security Response Center confirmed that this vulnerability does not affect systems running Windows Server 2008, Windows Vista or Windows 7.

This new vulnerability would allow an attacker to sneak malware onto a user's system disguised as a Windows help file (.hlp), in some cases by prompting the computer user to press the F1 key after a popup message. The popup is initiated by VBScript served by a malicious web page, which the user may reach by clicking a link in a spam message. The winhlp32.exe file is usually affected, giving an attacker full remote access to the infected system.

The scary part of this new exploit is that, because it uses a VBScript-initiated popup message, computer users are usually unable to tell whether it is a legitimate popup notification and will naturally press the F1 key seeking help to address the "issue", which triggers the malicious actions. A VBScript vulnerability of this kind can be compared to the many vulnerabilities found in Adobe products: it requires the user to perform only one action, which infects the system with malware and allows a remote attacker to gain access to the affected computer.

Many security researchers and companies have classified Windows Help files as potentially dangerous files, so this tactic is nothing new to us.

"These are file types that are designed to invoke automatic actions during normal use of the files. While they can be very valuable productivity tools, they can also be used by attackers to try and compromise a system," said Jerry Bryant, a senior manager with the Microsoft Security Response Center.

Microsoft is due for a new security update early next week. We hope and expect that Microsoft will release a new patch to resolve the VBScript bug in Windows XP, IE7, and IE8. For now, no advice or instructions have been released for computer users to avoid or resolve this issue until a new patch is released. The only advice that can be given is that users running Windows XP avoid Internet Explorer 7 or 8 in the meantime.
