Check Point Advisories

Security Best Practice: Blocking MSN Messenger

Vulnerability
Protection

Check Point Reference:	SBP-2006-20
Date Published:	16 Jul 2006
Severity:	Medium
Last Updated:	Sunday 01 January, 2006
Source:	SmartDefense Research Center
Protection Provided by:
Who is Vulnerable?	MSN Messenger users
Vulnerability Description	Instant Messaging applications allow communication and collaboration between Internet users using various modes of communication, including instant messages exchange, voice and video, application sharing, white board, file transfer and remote assistance. Windows Live Messenger, formerly and still commonly known as MSN Messenger or MSN, is a freeware instant messaging client for Microsoft Windows. It is part of Microsoft's Windows Live set of online services. MSN Messenger Live has many features including offline conversations, the possibility to share files with other users and more. IPS/SmartDefense allows you to block MSN Messenger or its applications selectively.
Vulnerability Details	Some organizations prefer to prevent their employees from using Instant Messaging applications, since many Instant Messaging applications are prone to multiple vulnerabilities. The impacts of these vulnerabilities could range from modifying data in a victim's friend list, to a denial of service attack, to the execution of malicious code on a victim's system. In addition, Instant Messaging capabilities such as file transfer are a potential source of virus and worm infections. Instant messaging applications may risk an organization's security in the following ways: 1. Vulnerabilities in IM applications could be exploited to compromise a user's system.   2. The file transfer capability could be exploited by worms to infect a user's system. 3. Using voice data along with file transfers may result in excessive bandwidth utilization.

Protection Overview

This website uses cookies for its functionality and for analytics and marketing purposes. By continuing to use this website, you agree to the use of cookies. For more information, please read our .