The flaw lies in MSN Messenger's video chat component found in versions 7.x and 6.x of the IM client and could allow an attacker to remotely execute code on a user's system. Security firm Secunia rated the vulnerability as 'highly critical', the second highest of its five alert levels. A Microsoft spokesperson stated:
"Our investigation so far shows that the latest version, Windows Live Messenger 8.1, is not vulnerable to this issue. As a best practice, we always recommend running the most recent version of Windows Live Messenger for the latest security and reliability updates."
Proof-of-concept exploit for this vulnerability is publicly available online, a factor that makes launching an attack far more plausible. No fixes are currently available. However, users could address the flaw by upgrading to Windows Live Messenger 8.1 or later.