 |
Anand, a Microsoft security program manager reveals via the Inside Windows Live Messenger blog that Microsoft is forcing Live Messenger users to upgrade to version 8.1 before any further usage due to a security exposure in earlier versions.
The security issue detailed in Microsoft Security Bulletin MS07-054 is exceedingly nasty:
The vulnerability could allow remote code execution when a user accepts a webcam or video chat invitation from an attacker. An attacker who successfully exploited this vulnerability could take complete control of the affected system.
It’s not quite a drive-by security hole, but clearly the next worst thing. An optional upgrade to 8.1 has been available since January, but the recent appearance of exploits of the vulnerability lead Microsoft to compel the upgrade when faced with the prospect of ever widening ripples of infected Live Messenger users.
