The decision was announced at Microsoft's Professional Developers' Conference last week. It follows chief executive Steve Ballmer's statement last month that Microsoft was looking at ways that Windows could shield itself against attacks instead of relying on third-party solutions.
Microsoft has now deemed the Windows Messenger Service non-essential, after discovering a buffer overflow in the program that allows attackers to remotely place and run malicious code on vulnerable XP machines.
The company has already released a security patch, but has bowed to user calls for the feature to be disabled by default as a way of improving corporate security.
Amy Carroll, director of the Microsoft security business unit, said the change would be contained in the soon-to-be-released Windows XP Service Pack 2.
Carroll also said Microsoft was considering changes to the default settings of the Internet Explorer browser to make it more secure against potential attacks.
She said the size of Microsoft security patches had been reduced by 35% in the past year, in order to make them easier to manage and install. The size would be reduced by 80% by May 2004, she added.