And yet another Microsoft Windows Window Message Subsystem Design Error Vulnerability (http://www.securityfocus.com/bid/5408/discussion/). :-\ :-\

The attacker has to have local access so it's rather theoretical.
Dolf

If you have no need for Windows Messenger, it can be turned off. :)

I have no need for it. But why is it there in the first place >:(

And no, I'm not afraid for this vulnerability, my firewall does not contain this vulnerability, it is not even patched, it's a linux box :P

-{ Quote: " quoting: meneer link=board=18;threadid=14482;start=0#msg91467 date=1065167512]
I have no need for it. But why is it there in the first place >:(
" }-


Well, from what I have read in other forums, it appears that Windows Messenger is like spyware, it sends messages back to Microsoft. >:( Many confuse it with MSN Messenger however, they are different & will remove MSN Messenger instead. Cute, eh??


- Fixed quote tags - LWM

No, the "messenger service" is not like spyware. It is a very simple (and old) program which allows network connections into itself solely to pop-up network-based notification messages on attached PCs, which merely results in those terribly intrusive spam ads. The service has no real security built into itself, so you need to either disable it or block connections into it with a firewall. But, it has no capability to send anything back to Microsoft.

The Messenger Service is a lot of things, but it doesn't not spy on your system activity or report anything to Microsoft.

However, please note that the first post in this thread is regarding a flaw in the Win32 API for the handling of "messages" that are passed between Windows (i.e. interprocess communications), and is not about the Messenger Service. It is talking about a method of gaining higher privileges by using the inter window message passing capability, whereby a less privileged window (program) gets a more privileged window to do something on its behalf. This is not related to messenger spam.

Thanks LWM for the clarification. 8)