In a Monday statement, Microsoft cautioned its software users about a new vulnerability that hackers could potentially exploit to gain control of older Windows systems that run its Internet Explorer (IE) browser. The company also mentioned the public release of iSEC Security Research’s proof-of-concept exploit code for the new hole, which was revealed on Friday.
According to the Microsoft advisory, the newly discovered vulnerability chiefly affects systems based on Windows 2000, Windows XP, and Windows Server 2003; systems based on Windows Vista, Windows 7, and Windows Server 2008 are unaffected.
Microsoft said that the vulnerability relates to the interaction of Windows Help files with Visual Basic Scripting, or VBScript, an Active Scripting language that helps in the execution of functions embedded in Web pages.
According to Microsoft, an attack relies on users visiting a malicious Web site that displays a specially designed dialog box asking them to press the F1 key to bring up the help function; once the key is pressed, the malware is installed on the computer.
The workarounds that Microsoft has recommended for the vulnerability include: avoiding pressing the F1 key; limiting access to the Windows Help System; disabling Active Scripting in the Internet and Local intranet security zones; and setting the Internet and Local intranet security zones to “High” to block ActiveX Controls and Active Scripting.
