Microsoft is aware of exploit code available on the Internet that targets an issue addressed this week by Microsoft Security Bulletin MS05-009. Microsoft is not currently aware of any active attack utilizing this code or any customer impact. We will continue to actively monitor the situation and provide updated customer information and guidance as necessary. Our investigation of this exploit code has verified that it does not affect users who have installed the MS05-009 update for both Microsoft Windows and MSN Messenger. Microsoft continues to recommend customers apply the MS05-009 updates to the affected products by enabling Automatic Updates in Windows as well as installing the updated version of MSN Messenger. On This Page Actions for MSN Messenger Users Actions for Enterprise Customers Actions for MSN Messenger Users Users should make sure their Windows and MSN Messenger software is current with the latest security updates released February 8. Step 1: Update Windows All Windows users should apply the latest Microsoft security updates to help ensure that their computers are as protected as possible. If you are not sure whether your software is up to date, visit the Windows Update Web site, scan your computer for available updates, and install any high-priority updates that are offered to you. If you have Automatic Updates enabled, the updates are delivered to you when they are released, but you have to make sure you install them. Step 2: Update MSN Messenger MSN Messenger users can install the updated version of MSN Messenger manually by visiting the MSN Messenger Web site and clicking the Download Now! link. Also, any user attempting to sign in to the MSN Messenger service with an earlier version will be will be prompted to upgrade. To get the updated version, users need simply click the upgrade notification when it is displayed. The evaluation copy (beta release) of the new MSN Messenger 7.0 is not targeted by the exploit code, but like all beta releases, it also is not supported by Microsoft Product Support Services. Microsoft recommends that customers install beta versions only on secondary computers to avoid any unplanned or unpleasant side effects that might affect other programs. If you have only one computer, we recommend that you use only released software and avoid installing beta versions. Top of page Actions for Enterprise Customers Enterprise businesses should consider removing and blocking MSN Messenger from their environments. If this is not feasible, make sure every installed version of Windows and MSN Messenger is current with the latest security updates. Step 1: Uninstall MSN Messenger Uninstall MSN Messenger within your network; MSN Messenger is not intended for corporate environments. Instead, use Windows Messenger, which is included with Windows. Step 2: Block MSN Messenger Access … Block access to MSN Messenger in your environment. For guidance, see Knowledge Base article 889829. … Or Update MSN Messenger If you prefer to use MSN Messenger, use the Enterprise Update Scanning Tool to determine vulnerable systems on your network and upgrade them to the latest version through the MSN Messenger Web site or the Microsoft Download Center (for file locations, see Microsoft Security Bulletin MS05-009). Get the updates here.
