We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message

MSN Messenger users warned of 'exploit pack'

Last week, it was a webcam flaw in Yahoo Messenger that could leave you vulnerable to attack if you clicked a link to a malicious video conversation invitation. Now, researchers have found a similar hole in Microsoft's MSN Messenger.

Unlike the Yahoo Messenger hole - which has been patched - there is already proof-of-concept exploit code available in what SecurityFocus chillingly calls an 'exploit pack'. However, the discoverer's site - team509 - is mostly in Chinese.

Danish security researcher Secunia rates this as 'highly critical' - its second-highest severity rating. The affected versions are MSN Messenger 7.x and 6.x. Microsoft confirmed it is "investigating" the hole and in the meantime is urging users to upgrade from MSN Messenger to Windows Live Messenger 8.1, which has been out since February.

An emailed statement attributed to Christopher Budd, security program manager for Microsoft, states:

"Our investigation so far shows that the latest version, Windows Live Messenger 8.1, is not vulnerable to this issue .... As a best practice, we always recommend running the most recent version of Windows Live Messenger for the latest security and reliability updates."

Like the Yahoo Messenger flaw, you can be attacked if you click to accept a video conversation invitation that's been booby trapped. The exploit is similar too - it's another buffer overflow vulnerability. So as always, think before you click.

And while we're waiting for Microsoft to patch this one, it's probably a good idea to upgrade to Windows Live Messenger 8.1.

PC World

IDG UK Sites

Top 5 Android tips and tricks for smartphones and tablets

IDG UK Sites

How to join Apple's OS X Beta Seed Program: Get OS X Yosemite on your Mac before public release

IDG UK Sites

Why the BBC iPlayer outage was caused by a DDoS attack: Topsy and Tim isn't *that* popular

IDG UK Sites

BBC using Glasgow 2014 Commonwealth Games to trial 4K/UHD, pan-around video, augmented video and...