Windows Live / MSN Messenger to force security upgrade

By Kip Kniskern | In News | Posted September 13, 2007 4 comments

Anand, a Security PM for Windows Live Messenger, posted tonight on the Inside Windows Live Messenger blog that rolling out in the next few weeks, if you haven’t already upgraded your Messenger to at least 8.1 (the current version released version), you will soon be forced to do so.

forcedmsgr 

According to Anand:

We will soon configure the service such that any user on Windows XP or later system has to use Windows Live Messenger 8.1. When a user using an older version of Messenger tries to login, the client will help the user with a mandatory upgrade to Messenger 8.1.

Some of you might feel this inconvenient, but in order to protect you and protect the health of the network we have chosen to take this step

And like it or not, the “health of the network” is a pretty valid reason for taking this extra step.  It all boils down to Security Bulletin MS07-054, “Vulnerability in MSN Messenger and Windows Live Messenger Could Allow Remote Code Execution (942099)”.  This vulnerability, which has been fixed in 8.1 and the beta version 8.5 “could allow remote code execution when a user accepts a webcam or video chat invitation from an attacker. An attacker who successfully exploited this vulnerability could take complete control of the affected system.”

Whatever users out there who are still using Windows 98 or 2000 are vulnerable as well, and for those systems a newer version of MSN Messenger 7 was released today. Available now, the MSN Messenger 7 upgrade will be forced as well, once the Windows Live Messenger upgrades have completed

Posted September 13th, 2007 at 1:39 pm
Category: News
Tags: Messenger, Security patch
  • pikablu0530

    They didn’t seem to release a new version of MSN Messenger 7.5 which addresses this vulnerability as well.

    I understand why 7.0 is updated to cater for Windows 98 and 2000 users (because v7.5 is Windows XP or above only), but they shouldn’t assume that everyone on Windows XP has upgraded to Windows Live Messenger 8 already.

  • Godders UK

    Glad to see they’re retaining 98/2k support – I have to use msn on than sometime.

    On another note – why not 8.5? As far as I can tell it’s out of beta (at least the version I’m using does not say beta anywhere – not even in help > about). (Build no. 8.5.1288.816)

  • the andyman

    @Godders, techically 8.5 is still a beta, but even if it wasn’t it can currently only (officially) be installed through the Windows Live suite installer which is a beta.

  • Godders UK

    Thanks andyman.