MSN Messenger Buffer Overflow Makes Webcam Sessions Dangerous

Severity: Medium

11 September, 2007

Summary:

Today, Microsoft released a bulletin describing an important security vulnerability affecting MSN Messenger and Windows Live Messenger. By enticing one of your users into accepting a malicious webcam invite, an attacker could exploit this vulnerability to potentially gain complete control of that user’s computer. If you use MSN Messenger or Windows Live Messenger in your network, you should download, test, and deploy the latest version as soon as possible.

Exposure:

Microsoft’s security bulletin describes a vulnerability affecting MSN Messenger 6.2, 7.0, 7.5, and Windows Live Messenger 8.0. The flaw stems from a heap buffer overflow vulnerability in the code used to handle webcam and video chat sessions. We mentioned this vulnerability in an August Wire post, but Microsoft hadn’t patched it at that time. If an attacker can entice one of your users into accepting a specially crafted webcam invite, she can exploit this flaw to execute code on the user’s computer, with that user’s privileges. As always, if your users have local administrative privileges, attackers could exploit this vulnerability to gain complete control of their machines.

Solution Path:

Microsoft has released new versions of MSN Messenger and Windows Live Messenger to fix this vulnerability. If you use either of these instant messaging clients, download and deploy the latest version of Messenger as soon as you can.

WatchGuard does not recommend the use of normal (insecure, unencrypted) Instant Messenger clients. If your organization does not require MSN Messenger, but users keep sneaking it in, check the Workarounds section of Microsoft’s bulletin for techniques you can use to block all Messenger traffic. In our experience, these workarounds are not 100 percent effective, but they might prove useful enough to discourage your unauthorized Messenger users.

For All WatchGuard Users:

If you allow MSN Messenger connections through your firewall, this flaw affects you and we recommend you download, test and install the patch above. However, you can also configure your WatchGuard Firebox to deny MSN Messenger traffic and thereby mitigate the risk of this vulnerability. For more details on blocking MSN Messenger traffic with your Firebox, read this FAQ.

Status:

Microsoft has released patches correcting these issues.
