MSN Messenger vulnerable to 'highly critical' webcam flaw

Summary: Exploit code for a "highly critical" vulnerability in MSN Messenger has been posted to a Chinese-language forum, prompting Microsoft to urge all users to immediately migrate to Windows Live Messenger 8.1.

Exploit code for a "highly critical" vulnerability in MSN Messenger has been posted to a Chinese-language forum, prompting Microsoft to urge all users to immediately migrate to Windows Live Messenger 8.1.

The flaw the exploit targets is caused by an error in the handling of video conversations and can be exploited to cause a heap-based buffer overflow via specially crafted data sent to a user.

Secunia warns that successful exploitation may allow execution of arbitrary code, but requires that the victim accepts the incoming Webcam invitation.

"This is under investigation," a Microsoft spokesman said.

"Our investigation so far shows that the latest version, Windows Live Messenger 8.1, is not vulnerable to this issue," he added, urging Windows Live Messenger 8.0 users to upgrade to Messenger 8.1.

"We have encouraged customers to upgrade to Windows Live Messenger 8.1 beginning February 2007," the spokesman said.

"Once we’re done investigating, we will take appropriate action to help protect customers. This may include providing a security update through the monthly release process, an out-of-cycle update or additional guidance to help customers protect themselves."

Windows Live Messenger is the successor to MSN Messenger, the popular text and video chatting tool offered by Redmond's MSN division.

Talkback

15 comments
  • What about those who don't have XP yet?

    It's all very well saying we have to upgrade to Windows Live Messenger 8.1, but what about people who still use pre XP windows? 8.1 doesn't work on Win2000.
    chrispy.page
    • A patch is likely coming

      Microsoft has not ruled out providing a patch--it just doesn't have one yet.

      "This may include providing a security update through the monthly release process..."
      PB_z
      • A patch is likely coming

        And who do you work for ??? Someone in Redmond ???
        vegas21
    • YIKES!!!!!!!

      true....XP has ONLY been out for errrr ummmmm 5 years
      tpratt1
      • And your point is...?

        And for what it's worth - it's 6 years...

        As they say.. If it ain't broke...
        Wolfie2K3
  • Hmm... This is pretty obvious...

    Before I accept a webcam invitation, I'd have to meet directly in person before I use a webcam. I would never accept a webcam invitation from anyone, except from my mom and anyone I've met in person before.

    It's kind of tricky, but I think it's worth it, for the sake of honesty.
    Grayson Peddie
  • Maybe I've become too cynical...

    But, my gut tells me that this problem is a M$ ploy. Someone
    found the vulnerability. M$ was alerted and after a think tank
    session, they decided on this plan of action. Make a small news
    blip in China, then gradually fan the flames. Create a public
    outcry then slide in Vista as the saviour. Isn't Vista *more
    secure*?

    As was already mentioned, what about the users of older OS
    versions? Vista will solve all of your problems, says M$ in hypnotic
    tones. M$ is not above sabotaging, bad mouthing or crippling a
    product they already sold in order to boost sales of their new
    product. I'm sick of M$ and its tactics.

    BTW, all MacBooks and iMacs have webcams built in.
    Landrue
    • Vista has nothing to do with it.

      Microsoft said nothing about Vista in their response. They said upgrade Windows Live Messenger. Running XP? Update to Live Messenger 8.1 for WinXP.

      http://get.live.com/messenger/sysreq
      "Below are the requirements for Windows Live™ Messenger."
      "Operating system Microsoft® Windows® XP"

      I also don't see what having a built-in webcam has to do with anything.

      As for versions before WinXP (it has been mentioned that XP has been available for 5 years, but the actual number is closer to 6), well, Win2k is no longer in mainstream support, and Win98 is no longer supported at all.
      Azriphale
    • Maybe I've become too cynical...

      You are Bang on my friend If it's not about money who gives a S...
      vegas21
  • Patch Already Out

    www.ubuntu.com
    itanalyst
    • nothing's a patch on Tux

      LOL, agreed!
      CeciLinux
    • ubuntu has flaws!

      http://secunia.com/advisories/16423/

      Description:
      Ubuntu has issued an update for gaim. This fixes a vulnerability and two weaknesses, which can be exploited by malicious people to compromise a user's system
      qmlscycrajg
  • Windows in General

    Do you think Gates actually uses Windows as his O/S? Probably Linux is his personal choice!! By the way Billy baby, how many $billions, or is it $trillions, does a person really need?? Now that you are all done with Vista it's probably time to pull it off the shelf (just like XP) & force everyone to embark on the next disaster !!
    vegas21
  • RE: MSN Messenger vulnerable to 'highly critical' webcam flaw

    Every time you start a conversation using the new version of MSN Messenger, Microsoft shares a portion of the program's advertising revenue with some of the world's most effective organizations dedicated to social causes.
    yman25
  • RE: MSN Messenger vulnerable to 'highly critical' webcam flaw

    I think viruses can appear anytime; it is good to update programs. New versions appear often with improvements. I have the latest version of WLM and no problem with viruses.

    Also, I use Avira antivirus to protect my PC.
    ellias23