MSN Messenger forced upgrade
From: Jason Clishe (jclishe_at_NUSOFTSOLUTIONS.COM)
Date: 12/05/03
- Previous message: Michael Bemmerl: "New Virus?"
- Next in thread: Nick FitzGerald: "Re: MSN Messenger forced upgrade"
- Reply: Nick FitzGerald: "Re: MSN Messenger forced upgrade"
- Maybe reply: Russ: "Re: MSN Messenger forced upgrade"
- Reply: George Carlson: "SP4 Breaks Group Policies?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 5 Dec 2003 09:35:46 -0500 To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
Apparently Microsoft is forcing its MSN Messenger 6.1.01xx users to
upgrade to MSN Messenger 6.1.0203. The nature of this forced upgrade
smells suspiciously like some sort of security vulnerablity that they
don't want to announce. Most troubling is the nature in which Microsoft
handled this upgrade.
As of some time last yesterday afternoon (EST), when a user attempted
to sign in using version 6.1.01xx, you were presented with a window
informing you that you MUST upgrade to version 6.1 in order to continue.
You are given the option to go ahead with the upgrade, or do not upgrade
and therefore do not login. You also have a "Whats New" link that you
would assume would take you to a page that describes why you need to
proceed with this forced upgrade. That's what you'd think anyway.
Unfortunately, this link just takes you to the original version 6.1
major release page, dated October 23, and provides absolutely no
information regarding the forced upgrade. In fact, navigating through
the entire MSN Messenger site yields absolutely no information regarding
this new application that you are being forced to install.
Obviously, at this point I was suspicious as to whether this was in fact
a Microsoft upgrade, or some sort of trojan. I headed over to
microsoft.public.msn.messenger, assuming that there would be some
dialogue already underway about this, and sure enough there was. At
least one MVP confirmed that this was a legitimate upgrade from
Microsoft, but with absolutely no information about why this upgrade was
being forced, and why it was only being forced to current 6.1.01xx
users.
As an added bonus, posts are beginning to pile up this morning on
m.p.m.m regarding all sorts of problems that users are having with this
new release.
So in a nutshell, Microsoft forces a Messenger upgrade, provides
absolutely no information about what the upgrade fixes[1], and the
upgrade itself presents bugs that weren't previously there.
Does Microsoft care to comment?
[1] Apparently this upgrade must fix something relatively severe, if
Microsoft is taking steps to actively prevent version 6.1.01xx from
begin logged into the Messenger network.
Jason Clishe
Senior Network Engineer
NuSoft Solutions, Inc.
-----
Marcus Ranum's new book "The Myth of Homeland Security" is now out and
is available from http://www.amazon.com/ranum In this hard-hitting
review of the homeland security business, Ranum shows us how the problem
is vastly harder than it's being made to sound, and how special
interests, *** covering, and bureaucracy are threatening to derail any
chance of making progress.
-----
- Previous message: Michael Bemmerl: "New Virus?"
- Next in thread: Nick FitzGerald: "Re: MSN Messenger forced upgrade"
- Reply: Nick FitzGerald: "Re: MSN Messenger forced upgrade"
- Maybe reply: Russ: "Re: MSN Messenger forced upgrade"
- Reply: George Carlson: "SP4 Breaks Group Policies?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
