ZDnet reported that MSN Messenger is vulnerable to a critical high webcam flaw that can exploit to cause a heap-based buffer overflow via specially crafted data sent to a user. Secunia warns that successful exploitation may allow execution of arbitrary code, but requires that the victim accepts the incoming Webcam invitation. Microsoft urged all MSN users to update to Windows Live Messenger 8.1 or later as in the investigation, it shows that this version onwards is not vulnerable to the flaw.

Below is what Microsoft spokesman said

Our investigation so far shows that the latest version, Windows Live Messenger 8.1, is not vulnerable to this issue, he added, urging Windows Live Messenger 8.0 users to upgrade to Messenger 8.1.

We have encouraged customers to upgrade to Windows Live Messenger 8.1 beginning February 2007, the spokesman said.

Once we’re done investigating, we will take appropriate action to help protect customers. This may include providing a security update through the monthly release process, an out-of-cycle update or additional guidance to help customers protect themselves.

Good news to Kaspersky fans including myself. In their forum, one of the pioneer beta tester reported that a new version of Kaspersky’s security products are in development and will release for beta-testing in Fall and plan to release officially in 2008. They have included some most powerful technologies that no other antivirus developer is using currently.

The following is what reported in the forum :

• Personal line up of version 8 products will be released in 2008. Beta testing will start in Winter. Forum testing in Fall.
• Version 8 is based on in-house new protection concepts and technologies, which have no current analogies on the market as we know it.
• For now requirements and standards for the first version are completed. The product is in active development stage.
• The core team contains the same people who brought you version 6.0. However some additional members from 7.0 joined development forces with us.
• Some improvements planned for v8 will be included in v7 MP1, which will be released by the end of this year.
• During v8 testing the particular attention will be paid to the forum threads. A separate KL team member will be allocated just for reading your suggestions and bug reports (in addition to all other KL members, which are already present on the forum)
• In v8 we are planning to use several new technologies, which are developed cooperatively together with KL and other companies
• The new GUI is again rewritten from scratch. Only small components of v6/7 are utlized
• The main window is completely brand new and changed as compared to version 7.
• The number components in the main navigator window is currently counted as six.
• In the product interface it is planned to use graphical objects for dynamic and additional statistical information display
• The product plans to utilize several online-services
• Wi-Fi networks and protection routines will be expanded as compared to previous versions.
• One of the product option, will perform a through inspection for maximum details through certain defined inspection points.