I just thought I'd give you all a quick heads-up. Recently a vulnerability was found in the windows messaging service (not the same as windows messenger). This service is enabled by default on all versions of windows since I think win98. Microsoft classified the vulnerability as MS0343.
The bad part is that working exploit code is now out in the underground, and it might be possible to use the exploit code in a worm. You don't need to patch anything, you can safely disable this service like this :
1. Click start >> run >> type services.msc and press enter
2. Find the service called 'Messenger' and double click it,
3. Press 'stop'
4. Change the startup type to 'disabled'
For those of you on AOL or some other services, this will also stop those annoying popup dialog boxes that come up.
Btw for those who are interested in buffer overflows. I will be posting the proof of concept code to my website.
Re: Windows Messaging Service Vulnerability
14 years 8 months ago #1486
If you use messaging, windows or aol, you also have vulnerabilities in the your messages typically get sent in cleartext which is able to be seen by anyone with a sniffer. So need to be careful what you send - like logons or passwords.