News

IM Patch Reissued

The critical security vulnerability in some of Microsoft's instant message products that prompted an analyst at Gartner to warn IT managers away from permitting instant messaging in their enterprises has reared its head again.

Microsoft reissued the patch this week to prevent an ActiveX control at the heart of the vulnerability with MSN Chat, MSN Messenger and Exchange Instant Messenger from being reintroduced after the patch is applied.

"While the fixes issued on May 8 2002 resolved the vulnerability, they did not protect in all cases against the reintroduction of the vulnerable control. As a result, a new set of fixes is being released to ensure that systems are fully protected against the reintroduction of the vulnerable control," Microsoft stated in the updated bulletin.

The security bulletin is posted at www.microsoft.com/technet/security/bulletin/MS02-022.asp.

The original vulnerability allowed attackers to run code of their choice on an affected system. A Gartner analyst warned that the vulnerability had the potential to be used in a multi-pronged attack along the lines of Code Red and Nimda. The Microsoft problem prompted the Gartner warning, but Gartner noted that it was the latest in a string of vulnerabilities discovered in instant messaging products from Microsoft, AOL and Yahoo!

Meanwhile, the Microsoft repatch comes shortly after security professionals at CERT issued a warning about several problems with Yahoo! Messenger.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.

Featured

  • Spaceflight Training in the Middle of a Pandemic

    Surprisingly, the worldwide COVID-19 lockdown has hardly slowed down the space training process for Brien. In fact, it has accelerated it.

  • Surface and ARM: Why Microsoft Shouldn't Follow Apple's Lead and Dump Intel

    Microsoft's current Surface flagship, the Surface Pro X, already runs on ARM. But as the ill-fated Surface RT showed, going all-in on ARM never did Microsoft many favors.

  • IT Security Isn't Supposed To Be Easy

    Joey explains why it's worth it to endure a little inconvenience for the long-term benefits of a password manager and multifactor authentication.

  • Microsoft Makes It Easier To Self-Provision PCs via Windows Autopilot When VPNs Are Used

    Microsoft announced this week that the Windows Autopilot service used with Microsoft Intune now supports enrolling devices, even in cases where virtual private networks (VPNs) might get in the way.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.