Security News > 2004 > October > Security concerns put MSN Messenger beta on hold
http://www.computerworld.com/securitytopics/security/story/0,10801,96475,00.html By Joris Evers OCTOBER 07, 2004 IDG NEWS SERVICE Microsoft Corp. has suspended the beta testing of the next version of its MSN Messenger client because of a potential security problem, a company spokeswoman said yesterday. Testers discovered a potential security issue in the early version of MSN Messenger 7 shortly after Microsoft made the instant messaging client available to a select group of testers over the weekend, according to postings on MSN Messenger enthusiast Web site Mess.be. The problem lies in a new MSN Messenger feature dubbed "winks" that allows users to send each other sound animations. The feature can be abused to overwhelm a user's system, according to Mess.be. The company has decided to put the test on hold and pull the software while it looks into the issue. It will make available a new version of the client, one without the winks feature, probably some time next week, the spokeswoman said. The test version of MSN Messenger 7 was designed to only allow approved animations to be sent. However, Microsoft is investigating the possibility that the feature may be exploited to send "rogue winks that could cause security issues," the spokeswoman said. Although winks will no longer be in this test version of MSN Messenger, Microsoft still plans to include the feature in the final version of the product, she said. It is unclear how many people downloaded the potentially vulnerable version of MSN Messenger. The software had not officially been released to testers and only a small group of people was given access to the download, according to Microsoft. However, the potentially vulnerable instant messaging client has popped up elsewhere on the Web. Microsoft announced the limited beta of MSN Messenger 7 last week. The test is a significant step in the release process for MSN Messenger, which has 135 million active users per month. Microsoft hopes to release a final version of the software in the first quarter of 2005, after a public beta test scheduled for later this year. While Microsoft's MSN group has pulled one trial version of its products, another is back. The company on Monday quietly launched a second "technology preview" of its upcoming Internet search engine, MSN Search. The first preview went online in early July with an index of 1 billion Web pages and was taken offline in August. The second preview is similar, but Microsoft has now indexed 5 billion Web pages, the spokeswoman said. In addition to the larger index, MSN Search has been improved to provide more relevant search results, the spokeswoman said. The service also offers results from more Internet domains, as well as spelling correction and cached pages, she said. The launch of the final version of the MSN Search product, Microsoft's answer to Google Inc.'s search success, is expected later this year or early next year. The MSN Search preview page is available at http://techpreview.search.msn.com/. _________________________________________ Open Source Vulnerability Database (OSVDB) Everything is Vulnerable - http://www.osvdb.org/
News URL
http://www.computerworld.com/securitytopics/security/story/0,10801,96475,00.html