Messenger Hole Forces Update

Elizabeth Montalbano

September 17, 2007, 5:09 AM ET

3 min read

— -- Microsoft Corp. is forcing Windows Live and MSN Messenger users to upgrade to the newest version due to a security update included in that release, according to a posting on a Microsoft blog.

Anyone using 6.2, 7.0 and 7.5 versions of MSN Messenger or Windows Live Messenger 8.0 will be guided through the upgrade process to Windows Live Messenger 8.1 when they try to log in to their chat client, according to a blog posting by a security product manager at Microsoft calling himself "Anand." This will replace the option upgrade notice that users have been given when using those versions of the product since January, he wrote.

"Some of you might feel this inconvenient, but in order to protect you and protect the health of the network we have chosen to take this step," the blog entry said.

The Messenger vulnerability, which let hackers embed malicious code in Web chat invitations to users, was disclosed in August. It affected MSN Messenger versions 6.2, 7.0 and 7.5, as well as Windows Live Messenger 8.0. Microsoft changed the name of its popular chat client from MSN to Windows Live with version 8.0.

Microsoft patched the problem in older versions of Messenger as part of its monthly round of patches on Tuesday, which means users of affected versions of Messenger theoretically could install the patch and protect themselves. In its security bulletin for the patch, the company recommended Windows XP and Vista users upgrade to Windows Live Messenger 8.1, but only suggested in a vague way that they might order a mandatory update.

"If you do not upgrade to a non-affected version of the MSN Messenger or Windows Live Messenger client, depending on your platform, you will be notified to upgrade on each attempt to sign on," the company said in Tuesday's security bulletin. "If you do not accept the upgrade, you may not be allowed access to MSN Messenger or Windows Live Messenger service."

The company apparently changed its mind Wednesday, which is when the posting that disclosed the mandatory upgrade hit the Web.

Users who commented on Anand's blog post had mixed opinions on the decision. One post complained that the user had "tried using Windows Live Messenger before and found that it simply takes up too much of my system's resources!" However, another said it was "a good decision," while still another said he was running Windows Live Messenger 8.5 in beta form and "it's not even that buggy."

Microsoft's decision to force upgrades brings to mind complaints raised several months ago by users of AOL Instant Messenger (AIM) that AOL LLC was encouraging users a little too insistently to upgrade from AIM 6.0 to 6.1. Users were angry about upgrade alert messages displayed on AIM screens that could not be turned off and would continue to reappear and interrupt current IM activity even after a user had closed the dialogue box.

Video

Live

Shows

Sections

U.S.

Politics

International

Coronavirus

Jan. 6 Riot

Entertainment

Business

Technology

Lifestyle

Health

Virtual Reality

Weather

Tips

Sports

FiveThirtyEight

Messenger Hole Forces Update