EmailSafety.net - Microsoft: Upgrade Messenger or else

Microsoft: Upgrade Messenger or else

Anti-Spam Software

What is Spam?

Spam Laws

Spam Facts

User Tips

Common Email Scams

What Are Visuses?

Virus Prevention Tips

Anti-Virus Software

Basic Tips

Recent News

Microsoft will force an upgrade on users of its Windows Live Messenger instant messaging software in September to plug a hole the company introduced when a programmer added an extra character to a code library.

Starting in mid-September, users of Messenger 8.1 and 8.5 will be required to upgrade to Messenger 14.0.8089 if they want to use Microsoft's instant messaging service, the company announced in a blog posted last Thursday .

Optional upgrade offers have already started reaching Messenger 8.1 and 8.5 users, Microsoft said.

The timeline for people running a build of Messenger 14 is different. Mandatory upgrades to Messenger 14.0.8089 will begin in late October, while upgrade offers will be sent at the beginning of that month.

Related Content

"It will take several weeks for the upgrade process to be completed, as the upgrade will be rolled out to customers over the course of several weeks," Microsoft said.

Microsoft also encouraged users to proactively upgrade by manually downloading the newest version of Messenger from the service's site.

Although Messenger 14 includes several new features and a revamped interface, Microsoft's making the upgrade mandatory because of a flaw inherited from a buggy Microsoft code "library" -- Active Template Library, or ATL -- used by programmers in the IM client's development.

In late July, Microsoft acknowledged that the vulnerability introduced in software crafted using ATL was due to a one-character typo : an extra "&" symbol to be exact.

On July 28, Microsoft issued a pair of emergency patches to crush the ATL bug in Internet Explorer and Visual Studio, the company's popular development platform. On Aug. 11, as part of its regularly-scheduled monthly security update, Microsoft patched five more ATL flaws in several company-made components.

Windows Live Messenger was not among the programs named in MS09-037 , the accompanying security bulletin, however. Previously, Microsoft said it might take months for it to go through the code of all its software to determine which was affected by the ATL bug.

Last week, Microsoft revised the security advisory for the ATL vulnerabilities to add a section on Messenger. In the alert's FAQ, the company made clear that the upgrade was mandatory. "If you do not accept the upgrade, you may not be allowed access to Windows Live Messenger service," the advisory read.

For more enterprise computing news, visit Computerworld. Story copyright Computerworld, Inc.

Recent News:

· Feds draw a bead on Russian behind Mega-D botnet
· Ransomware Attack Resurfaces to Hold Files Hostage
· Adobe Reader X Makes PDF Files Safer
· PayPal Users Beware of Holiday Phishing Scam
· McAfee Reports Malware at All-Time High

Site Map | Recent News | Related Sites