Microsoft forces upgrade after IM security scare

 

Gallery

By Miya Knights

Posted on 14 Sep 2007 at 13:51

Microsoft is forcing users of its MSN and Live instant messenger (IM) software to upgrade to the latest version to address a serious security vulnerability.

The company issued a patch for the vulnerability - which could allow remote code execution when a user accepts a webcam or video chat invitation from an attacker - earlier this week as part of its regular Patch Tuesday update.

Microsoft claims an attacker who successfully exploited this vulnerability could potentially take complete control of the affected system.

Having issued the patch, Microsoft has now decided to force an upgrade to the unaffected Windows Live 8.1 for all users of affected versions. "Some of you might feel this inconvenient, but in order to protect you and protect the health of the network we have chosen to take this step," according to a blog entry posted by a security product manager for Windows Live Messenger.

Affected users were invited to download the latest version prior to the patch release, but will now be notified to upgrade at each attempt to sign-on to the service. Users who do not accept the upgrade notification will be blocked from accessing the service.

Microsoft changed the name of the chat client from MSN Messenger to Windows Live with version 8. But some users responding to the blog posting were unhappy with the mandatory upgrade, saying the latest version does not compare favourably with older ones because, for instance, it requires greater computing resources to run audio and video features.

One user wrote: "It's my computer and I should be allowed to do what I want with it. I don't want to be forced into upgrading to Windows Live, when I find 7.5 a much better choice."