syed writes "In February, Microsoft warned of an unrelated flaw in MSN Messenger that could allow a hacker to gain access to screen names and e-mail addresses.
Now it's another flaw. Read more...


Microsoft said Wednesday that hackers could exploit the vulnerability to run their own malicious commands on a user’s computer. Sounds pretty vague to me.

Affected is a feature that allows users to gather in a single virtual location or “chat room� to exchange messages across the Internet in near real time.

Once nice thing about this is that the version shipped with XP is not affected.

The bad thing is, Microsoft was informed of the flaw by a security firm about a month ago but did not disclose it until late Wednesday because it was developing the fixes or “patches� for customers to download. (Why not let other know so they could avoid having it happen to them?)

You can upgrade by visiting an MSN Chat site and downloading an upgraded new chat control, or by upgrading on the site to the latest version of MSN Messenger or Exchange Instant Messenger.

Here is the link to the Microsoft Security Bulletin.

Direct Download for the patch is :
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=38790
"