Tweet
Time to patch again as MSN Messenger flaw allows hard-drive access!
Microsoft has revealed three new vulnerabilities in its software, including the first to affect MSN Messenger 6.0, and is urging customers to patch their systems now.
Two of the vulnerabilities are considered medium-level risks, while the third presents a medium- to low-level risk, according to security software specialist Symantec and others. Three separate patches to repair the flaws--which affect different pieces of software--have been released and are available for download. The identification of the vulnerabilities came Wednesday as part of Microsoft's regular security bulletin process.
Later, the software giant will also send notices about the Messenger patch through MSN Messenger itself, said Stephen Toulouse, security program manager for the Microsoft Security Response Center.
The vulnerability in MSN Messenger versions 6.0 and 6.1 could let an attacker view the contents of a victim's hard drive during a chat session with the victim.
Attackers "could view files through MSN Messenger on their computer," Toulouse said. "They can do it, and you are not necessarily aware of what they are doing."
Users who do not block anonymous callers are most vulnerable to the exploit. If anonymous callers are blocked, the attacker has to be identified on the victim's address list. To obtain particular information, such as credit card numbers, attackers have to troll the hard drive, said Toulouse.
Two of the vulnerabilities are considered medium-level risks, while the third presents a medium- to low-level risk, according to security software specialist Symantec and others. Three separate patches to repair the flaws--which affect different pieces of software--have been released and are available for download. The identification of the vulnerabilities came Wednesday as part of Microsoft's regular security bulletin process.
Later, the software giant will also send notices about the Messenger patch through MSN Messenger itself, said Stephen Toulouse, security program manager for the Microsoft Security Response Center.
The vulnerability in MSN Messenger versions 6.0 and 6.1 could let an attacker view the contents of a victim's hard drive during a chat session with the victim.
Attackers "could view files through MSN Messenger on their computer," Toulouse said. "They can do it, and you are not necessarily aware of what they are doing."
Users who do not block anonymous callers are most vulnerable to the exploit. If anonymous callers are blocked, the attacker has to be identified on the victim's address list. To obtain particular information, such as credit card numbers, attackers have to troll the hard drive, said Toulouse.
Comment