Off Topic. MSN Messenger Vulnerable to Hackers
autobilia
Posts: 4,803
Wed May 8, 9:42 PM ET
By LUIS CABRERA, Associated Press Writer
SEATTLE (AP) - Users of the latest versions of Microsoft's popular MSN Messenger program are vulnerable to computer hackers, the company warned on Wednesday.
The "critical" flaw in the Internet-based program, which has millions of users, is the latest serious security flaw to be discovered in a program from the world's dominant software company.
Microsoft said hackers could exploit the vulnerability to run their own malicious commands on a user's computer.
Affected is a feature that allows users to gather in a single virtual location or "chat room" to exchange messages across the Internet in near real time.
The affected software includes Microsoft MSN Chat Control, Microsoft MSN Messenger versions 4.5 and 4.6, and Microsoft Exchange Instant Messenger 4.5 and 4.6.
Microsoft has been trying to make inroads into the market, which is dominated by AOL's Instant Messenger.
The vulnerability was discovered as Microsoft undergoes an intensive companywide campaign to stamp out security problems, an effort ordered by chairman and chief software architect, Bill Gates.
The Redmond, Wash.-based software maker issued a critical security bulletin to users advising them to upgrade by visiting an MSN Chat site and downloading an upgraded new chat control, or by upgrading on the site to the latest version of MSN Messenger or Exchange Instant Messenger.
The company said that to its knowledge no user had been hacked via the flaw, Microsoft Security Program Manager Christopher Budd said, though he cautioned users not to be complacent about downloading the upgrades.
The chat control feature is not automatically included in Windows Messenger, which is installed with the XP version of Windows, Microsoft's flagship operating system.
Budd said it is automatically included only in the two latest versions of MSN Messenger, which has some 46 million users. The first of those versions was released last October.
Microsoft was informed of the flaw by a security firm about a month ago but did not disclose it until late Wednesday because it was developing the fixes or "patches" for customers to download, Budd said.
"Software always will have flaws," Budd said. "We always do our best to ensure we do not have flaws or vulnerabilities, but while we strive for perfection, we know we're not always going to achieve perfection."
Gates announced a "Trustworthy Computing" initiative in January after a series of embarrassing security incidents involving Microsoft software that prompted criticism the software giant had been giving security short shrift as it piled new feature upon new user-friendly feature in its operating systems.
The most serious was a vulnerability affecting a Web server program included in corporate Windows operating systems.
That flaw could let a hacker take over someone else's server.
Like the Web server flaw, the newest vulnerability was caused by what is known as a "buffer overflow problem."
Buffer overflows occur when software is programmed to accept information but not given the ability to validate or limit it. That allows hackers to send commands that an operating system is not expecting but that end up in a computer's memory and are executed.
In February, Microsoft warned of an unrelated flaw in MSN Messenger that could allow a hacker to gain access to screen names and e-mail addresses.
Comments
<< No need to type the "Off Topic" thing man....Don't think there's been such a thing here for a long time now....As far as the content goes there I think it's cool hackers have a new toy to get into....It may slow them in confusing the FBI as to which agent's tee time is when.... >>
Heh. Just posted it since I know a lot of people use MSN Messenger. I uninstalled mine and am unable to re-install it, so it doesn't affect me.