(Updated 2/10/05 11:30 PM PST)
The MSN Messenger team has a new page for users with information about this problem. You can read it here.
(Updated 2/12/05 1:52 PM PST)
The MSN Messenger team has started enforcing that 6.2.0205 is the minimum build of 6.1/6.2 allowed to connect to the MSN Messenger service. To enforce the new minimum version we have started a mandatory upgrade.
If you are running 6.1 or 6.2 and haven’t upgraded to 6.2.0205 when you Sign In to MSN Messenger you receive a notice that says:
A newer version is available. You must install the newer version in order to continue. Would you like to do this now?
If you choose “Yes”, that will start the MSN Messenger setup process. If you choose “No”, you will be returned to the Sign In window.
If you have Messenger configured to start when Windows starts, you’ll get this prompt when you first login to your desktop.
There’s a link from the dialog box to the MSN Messenger “What’s new” page. This page has great links to more information.
I’ve spent a good chunk of my day working on writing the message that PSS will send to customers who contact us about the mandatory upgrade. I’ve gotten lots of great support from folks all over the company on putting this together.
If you contact PSS here’s what the initial response will be:
Thanks you for taking the time to contact MSN Messenger support . . . if you are being notified "A new version of MSN Messenger is now available. Click here for more information" please read the message below:
The highest priority for MSN is to provide a safer computing environment for our users. There is currently a security vulnerability in some versions of MSN Messenger. While this vulnerability has not yet been exploited, MSN is taking decisive action to help protect the MSN Messenger community so that all our customers can use the .NET Messenger service and be protected from any malicious software targeting this vulnerability. Details about this vulnerability are documented in a recent Microsoft security bulletin (MS05-009). For more information, go to http://www.microsoft.com/technet/security/bulletin/MS05-009.mspx.
As part of this, the MSN Messenger team is requiring customers using vulnerable versions of MSN Messenger to upgrade to MSN Messenger 6.2.0205 or the MSN Messenger 7.0 beta, both of which are not affected by this security vulnerability.
While we apologize for any inconvenience around this mandatory security upgrade, our goal with it is to help protect you and the rest of the MSN Messenger community.
What versions are being upgraded?
The mandatory upgrade will cover all versions of 6.1 and any version of 6.2 below 6.2.0205.
How can I tell what version of MSN Messenger I have?
To determine your version of MSN Messenger, form the menu click “Help” and choose “About”.
What if I’m running the beta of version 7.0?
MSN Messenger v 7.0 Beta is not affected by this vulnerability.
To upgrade your version of MSN Messenger
1. Visit http://messenger.msn.com/download
2. Download the version of MSN Messenger for your operating system, and then run the installation program.
For additional information about this upgrade please visit http://www.microsoft.com/security/incident/im.mspx.
We apologize for any delay and inconvenience. Thank you for using MSN Messenger.