MSN Messenger forced upgrade

From: Jason Clishe (jclisheNUSOFTSOLUTIONS.COM)
Date: Fri Dec 05 2003 - 08:35:46 CST


Apparently Microsoft is forcing its MSN Messenger 6.1.01xx users to
upgrade to MSN Messenger 6.1.0203. The nature of this forced upgrade
smells suspiciously like some sort of security vulnerability that they
don't want to announce. Most troubling is the nature in which Microsoft
handled this upgrade.

As of some time yesterday afternoon (EST), when a user attempted
to sign in using version 6.1.01xx, you were presented with a window
informing you that you MUST upgrade to version 6.1 in order to continue.
You are given the option to go ahead with the upgrade, or do not upgrade
and therefore do not login. You also have a "Whats New" link that you
would assume would take you to a page that describes why you need to
proceed with this forced upgrade. That's what you'd think anyway.
Unfortunately, this link just takes you to the original version 6.1
major release page, dated October 23, and provides absolutely no
information regarding the forced upgrade. In fact, navigating through
the entire MSN Messenger site yields absolutely no information regarding
this new application that you are being forced to install.

Obviously, at this point I was suspicious as to whether this was in fact
a Microsoft upgrade, or some sort of trojan. I headed over to
microsoft.public.msn.messenger, assuming that there would be some
dialogue already underway about this, and sure enough there was. At
least one MVP confirmed that this was a legitimate upgrade from
Microsoft, but with absolutely no information about why this upgrade was
being forced, and why it was only being forced to current 6.1.01xx
users.

As an added bonus, posts are beginning to pile up this morning on
m.p.m.m regarding all sorts of problems that users are having with this
new release.

So in a nutshell, Microsoft forces a Messenger upgrade, provides
absolutely no information about what the upgrade fixes[1], and the
upgrade itself presents bugs that weren't previously there.

Does Microsoft care to comment?

[1] Apparently this upgrade must fix something relatively severe, if
Microsoft is taking steps to actively prevent version 6.1.01xx from
being logged into the Messenger network.

Jason Clishe
Senior Network Engineer
NuSoft Solutions, Inc.
