MSN Messenger Security Update 838512

  • Thread starter Thread starter Porch Monkey
  • Start date Start date
P

Porch Monkey

Just a few questions, trying to figure out if this update is really
necessary or not.

http://www.microsoft.com/technet/security/bulletin/ms04-010.mspx

Does the user have to give the "attacker" permission to start a
conversion for the said attacker to exploit this flaw? In other words
wouldn't you know someone is using the Messenger, the attacker could not
use the flaw just because you were simply online correct?

Will having a good firewall also prevent this attack?

Thanks in advance!!

Monkey
 
Greetings Monkey,

If you're using MSN Messenger 6, I would definitely upgrade.

If the user has "All Others" set on the Allow list (which allows anyone to communicate with
them), see the Tools menu, Options, Privacy tab to see this, then no, no "permission" is
required. If "All Others" is blocked, then this won't be an issue (unless one of your
contacts were to exploit it).

I'm not quite sure about the firewall question, MSN Messenger 6's file transfer capabilities
do allow files to be transferred through the Messenger server, and as such, a firewall
wouldn't help you if the file was transferred in that way.
____________________________________________
Jonathan Kay
Microsoft MVP - Windows Messenger/MSN Messenger
Associate Expert
http://www.microsoft.com/windowsxp/expertzone/
Messenger Resources - http://messenger.jonathankay.com
 
Thanks Jonathan,

I use Messenger 6.1 so I guess I should upgrade. One more question, I
take it this flaw will also be corrected in version 6.2?

Thanks again,

Monkey
 
Back
Top