http://www.liveside.net/main/archive/tags/Security+patch/default.aspxTags: Security patchenCommunityServer 2008.5 SP2 (Build: 40407.4157)http://www.liveside.net/main/archive/2007/09/13/windows-live-msn-messenger-to-force-security-upgrade.aspxThu, 13 Sep 2007 11:39:00 GMT56c526a3-1f9b-4262-a0cc-2de2ce4c7619:4985Kip Kniskern8http://www.liveside.net/main/rsscomments.aspx?PostID=4985http://www.liveside.net/main/archive/2007/09/13/windows-live-msn-messenger-to-force-security-upgrade.aspx#comments<p>Anand, a Security PM for Windows Live Messenger, <a href="http://messengersays.spaces.live.com/Blog/cns!5B410F7FD930829E!29167.entry" target="_blank">posted tonight on the Inside Windows Live Messenger blog</a> that rolling out in the next few weeks, if you haven&#39;t already upgraded your Messenger to at least 8.1 (the current version released version), you will soon be forced to do so.</p> <p><a href="http://www.liveside.net/blogs/main/WindowsLiveWriter/WindowsLiveMSNMessengertoforcesecurityup_130AC/forcedmsgr_2.jpg"><img id="id" style="BORDER-RIGHT:0px;BORDER-TOP:0px;BORDER-LEFT:0px;BORDER-BOTTOM:0px;" height="186" alt="forcedmsgr" src="http://www.liveside.net/blogs/main/WindowsLiveWriter/WindowsLiveMSNMessengertoforcesecurityup_130AC/forcedmsgr_thumb.jpg" width="421" border="0" /></a>&nbsp;</p> <p>According to Anand:</p> <blockquote> <p>We will soon configure the service such that any user on Windows XP or later system has to use Windows Live Messenger 8.1. When a user using an older version of Messenger tries to login, the client will help the user with a mandatory upgrade to Messenger 8.1. </p> <p>Some of you might feel this inconvenient, but in order to protect you and protect the health of the network we have chosen to take this step</p></blockquote> <p>And like it or not, the &quot;health of the network&quot; is a pretty valid reason for taking this extra step.&nbsp; It all boils down to <a href="http://www.microsoft.com/technet/security/Bulletin/MS07-054.mspx" target="_blank">Security Bulletin MS07-054</a>, &quot;Vulnerability in MSN Messenger and Windows Live Messenger Could Allow Remote Code Execution (942099)&quot;.&nbsp; This vulnerability, which has been fixed in 8.1 and the beta version 8.5 &quot;could allow remote code execution when a user accepts a webcam or video chat invitation from an attacker. An attacker who successfully exploited this vulnerability could take complete control of the affected system.&quot;</p> <p>Whatever users out there who are still using Windows 98 or 2000 are vulnerable as well, and for those systems <a href="http://www.microsoft.com/downloads/details.aspx?FamilyID=cf49c56c-8b3e-4eae-9904-9505f47bed45&amp;DisplayLang=en" target="_blank">a newer version of MSN Messenger 7 was released today</a>. Available now, the MSN Messenger 7 upgrade will be forced as well, once the Windows Live Messenger upgrades have completed</p><div style="clear:both;"></div><img src="http://www.liveside.net/aggbug.aspx?PostID=4985" width="1" height="1">MessengerSecurity patch