mandatory This is just an F.Y.I.  If you use a version of Windows Live Messenger or MSN Messenger other than the most recent Live Messenger version 8.1 on Windows XP or Vista, you’re going to be forced to upgrade within the next few weeks. The security PM for Windows Live Messenger, Anand says the reason behind the upgrade is because "There is a security vulnerability in the earlier versions – MSN Messenger 6.2, 7.0, 7.5, and Windows Live Messenger 8.0."

According to security bulletin MS07-054: "Vulnerability in MSN Messenger and Windows Live Messenger Could Allow Remote Code Execution (942099).  This vulnerability, which has been fixed in 8.1 and the beta version 8.5 could allow remote code execution when a user accepts a webcam or video chat invitation from an attacker. An attacker who successfully exploited this vulnerability could take complete control of the affected system."

For some of you, this isn’t a big deal because you already keep up with the latest versions, however, for others of you, this means change is in store. If you’re using  MSN messenger, particularly version 6.2, it was last updated back in 2005 and it’s quite a bit different in terms of its interface and some of the features. In general, anyone unfamiliar with the new Live Messenger (compared to MSN messenger) will have to get used to it.

The reason behind the mandatory upgrade is a security vulnerability, so Microsoft needs to find a way to keep their users safe. When they start the upgrade process, any user who has an older version will be guided through updating to the latest version. They will not be allowed to log in until they’re using 8.1. To me at least, this mandatory upgrade really doesn’t seem like it’s an issue, however it is for others.  In fact, there’s a petition (although it only has 31 signatures at the moment) found here asking that the mandatory upgrade be withdrawn because "many members dislike the Windows Live version, and wish to stay with their MSN Messenger version. Shouldn’t members be allowed to choose what they want, even knowing there is a security risk?"

So what do you think? Should users simply be informed that there is a security risk and then be allowed to choose whether or not they want to make the upgrade? Or is Microsoft right for forcing everybody to upgrade to their most recent, most secure version?

Source: LiveSide