Mandatory update for Microsoft Live Messenger
Microsoft's Live Messenger appears to be among the programs affected by the critical ATL security holes. Holes Microsoft recently closed with emergency patches for the Visual Studio development environment libraries and later blocked in Internet Explorer.
To eliminate this security risk, it's recommended that users of versions 8.1, 8.5 and 14.0 switch to current, bug-free versions. The update announcement says updating will initially be optional, but will become mandatory for 8.1 and 8.5 in mid September, and for version 14 from the end of October. As the Windows Live Messenger Team explains in a blog entry eventually it will no longer be possible to log into Messenger using the older versions.
The security problem is triggered by Microsoft Visual Studio auxiliary libraries for creating ActiveX controls. Programs using these libraries are vulnerable. One can only hope that, in addition to Microsoft, other software vendors will follow the example of Adobe and Cisco and check their products as soon as possible.
- More information about Microsoft's ATL problems, a report from The H Security.