Best TVs 'She-Hulk' Review Up to $1,000 Off Samsung Phones Best Streaming TV Shows Home Bistro Review 8 Great Exercises Amazon Back-to-School Sale Best Phones Under $500
Want CNET to notify you of price drops and the latest stories?
No, thank you

Microsoft issues Messenger patch

The software maker posts a security alert after finding a weak spot in its popular MSN Messenger service that could be exploited by hackers.

Microsoft has issued a security alert after discovering a weak spot in its popular MSN Messenger service that could be exploited by hackers.

The alert, issued Wednesday, said that the vulnerability affected MSN Messenger's chat feature, which allows multiple messenger users to exchange text messages in a separate ActiveX-based window.

Hackers can exploit the vulnerability to impose a buffer-overflow attack, the alert said. Buffer-overflow vulnerabilities allow hackers to execute potentially harmful programs on a victim's computer that could delete files or cripple the system's security.

Attackers can issue the buffer overflow through e-mail that contains HTML or a malicious Web site, the notice added.

To plug the vulnerability, people must download an updated version of MSN Messenger or Exchange Instant Messenger. They can also download an updated version of MSN Chat control from its chat Web site.

Microsoft Chairman Bill Gates has made security a top priority at the software giant. The company has come under criticism routinely for security and privacy weaknesses in its software. Now that Microsoft is focusing on its .Net initiative, which strives to offer software and services over the Internet, the issue of security and privacy has become more critical.

In February, security specialists called attention to a browser glitch that left MSN Messenger vulnerable to a fast-spreading worm.

Also around that time, a glitch in the company's similar Windows Messenger prevented some people from staying connected to the service. Users of MSN Messenger seemed less affected by the problem.