Microsoft warns on Messenger vulnerability
Published: 09 May 2002 17:11 BST
Microsoft issued a security alert after discovering a weak spot in its popular MSN Messenger service that could be exploited by hackers.
The alert, issued on Wednesday, said that the vulnerability affected MSN Messenger's chat feature, which allows multiple messenger users to exchange text messages in a separate ActiveX-based window.
Hackers can exploit the vulnerability to impose a buffer-overflow attack, the alert said. Buffer-overflow vulnerabilities allow hackers to execute potentially harmful programs on a victim's computer that could delete files or cripple the system's security.
Attackers can issue the buffer overflow through HTML email or a malicious Web site, the notice added.
To plug the vulnerability, people must download an updated version of MSN Messenger or Exchange Instant Messenger. They can also download an updated version of MSN Chat control from its chat Web sites.
Microsoft chairman Bill Gates has made security a top priority at the software giant. The company has come under criticism routinely for security and privacy weaknesses in its software. Now that Microsoft is focusing on its .Net initiative, which strives to offer software and services over the Internet, the issue of security and privacy has become more critical.
In February, security specialists called attention to a browser glitch that left MSN Messenger vulnerable to a fast-spreading worm.
Also at about that time, a glitch in the company's similar Windows Messenger prevented some users from staying connected to the service. Users of MSN Messenger seemed less affected by the problem.
Have your say instantly, and see what others have said. Go to the Security forum.
Let the editors know what you think in the Mailroom.
Did you find this article useful?
56 out of 113 people found this useful
- Share this article:
