Windows Messenger service vulnerable to critical exploit
Wednesday October 15, 2003
Microsoft has issued a critical patch to resolve a vulnerability in the Windows Messenger service which could allow an attacker to remotely run malicious code. Disabling the Messenger service is recommended unless specifically needed (i.e. in a networked environment as directed by the sysadmin, or as required by certain backup software and UPS devices). The Messenger service is a favorite with spammers, who exploit the service to serve pop-up advertising to unsuspecting users. Thus, disabling the service not only protects against the exploit, it may prevent unwanted advertising from appearing on your PC. Microsoft Security Bulletin MS03-043 provides details and a patch for those who must keep the Messenger service enabled. Properly configured personal firewall software will block the inbound RPC traffic used to exploit this vulnerability.
Microsoft is now releasing Security Bulletins on a monthly basis. This month's release includes critical security updates for Microsoft Windows and Exchange Server. October patches:
Microsoft Exchange Server patches
Microsoft Windows patches
Home users should visit the Windows Update site to check for necessary patches.
Microsoft is now releasing Security Bulletins on a monthly basis. This month's release includes critical security updates for Microsoft Windows and Exchange Server. October patches:
Microsoft Exchange Server patches
Microsoft Windows patches
Home users should visit the Windows Update site to check for necessary patches.
No comments yet. Leave a Comment