After two days, they confirmed that this vulnerability "could allow an attacker to host a maliciously crafted web page and run arbitrary code if they could convince a user to visit the web page and then get them to press the F1 key in response to a pop up dialog box", but that there has been no news about attacks exploiting it so far.
Maurycy Prodeus, the security analyst that discovered the vulnerability, says that Windows XP SP3 running IE 8,7 or 6 are vulnerable, and Microsoft assures that users running Windows 7, Windows Server 2008 R2, Windows Server 2008, and Windows Vista, are not affected by this issue.
Microsoft is yet to confirm when the fix will be released, but Computerworld reports that Prodeus himself offered a temporary solution: blocking TCP port 445. "However, it is worth to note that blocking this port doesn't solve the problem, because there might be [an]other attacking vector, for example, uploading an arbitrary file to the victim's machine at known path location using some third-party browser plug-ins," he said.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.