Access member only content, take part in discussions with comments on blogs, news and reviews and receive all the latest security industry news directly to your inbox. Join now for free.
A confirmation email has been sent to your email address - SUPPLIED EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @scmagazine.com.au to your white-listed senders.
Users of Microsoft's Windows Live Messenger instant messaging software soon will be required to upgrade to the latest version to close vulnerabilities that could enable an attacker to execute remote code.Last Tuesday, Microsoft pushed out the newest version, Windows Live Messenger 14.0.8089. The upgrade addressed vulnerabilities in Microsoft's Active Template Library (ATL), which was used in the development of the IM program, the company said in a blog post last week.Microsoft is not aware of any attacks currently targeting the ATL vulnerability in Live Messenger, a Microsoft spokesperson told SCMagazineUS.com. Beginning in the middle of this month, users of Messenger versions 8.1, 8.5 and 14.0 must upgrade, with a deadline at the end of October. Users will be prompted to install the new version when they sign into one of the vulnerable versions of Live Messenger, Microsoft said. If users do not upgrade, they may not be able to connect to the IM service."It will take several weeks for the upgrade process to be completed, as the upgrade will be rolled out to customers over the course of several weeks," Microsoft said.Users of Live Messenger version 14.0 will not see any visible changes with the upgrade. But for users of Windows Live Messenger versions 8.1 or 8.5, the update also includes additional non-security features, Microsoft said. The vulnerabilities in ATL affect not only Live Messenger but numerous programs developed with ATL. In late July, Microsoft issued two out-of-band security patches to address the ATL bugs in Visual Studio and Internet Explorer. In addition, Microsoft fixed five additional vulnerabilities in the ATL during its scheduled Patch Tuesday on August 11. See original article on scmagazineus.com
To begin commenting right away, you can log in below or register an account if you don't yet have one. Please read our guidelines on commenting. Offending posts will be removed and your access may be suspended. Abusive or obscene language will not be tolerated. The comments below do not necessarily reflect the views or opinions of SC Magazine, Haymarket Media or its employees.