MSN Messenger flaw can disclose user data

News

MSN Messenger flaw can disclose user data

A new flaw in Microsoft's MSN Messenger software could reveal users' names and email addresses as well as people on their "buddy list".

The flaw allows a Javascript program placed on a Web page visited by MSN Messenger users to capture a user's display name for the chat program, as well as the names of all their contacts. This could allow people's real names to be harvested by malicious Web sites, he said. If no display name is set in the program, the Javascript will obtain the user's e-mail address instead.

The flaw exploits a feature in MSN Instant Messenger, which notifies users when they have received new e-mail in their Hotmail accounts.

Though Microsoft is treating the flaw as low risk, it will release a new version of its Messenger products early next week, a spokeswoman said. Users will be notified that a new version is available and will be prompted to download it.

In the meantime, Microsoft is advising concerned users to go to the MSN Messenger support Web site ( messenger.msn.com/support/status.asp ) for information about the issue and steps they can take to protect themselves.

Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy