According to CNet Microsoft readies for the release of a patch to eliminate a security flaw in Windows Messenger. The issue resided in the ability that allowed any Web site to grab a visitor's IM nickname and buddy list. The release of the patch is scheduled sometime "early next week". "In order to implement the fix, customers will have to upgrade to the next version of MSN messenger," a representative for Microsoft said on Friday. Check with the MSN Messenger site from time to time. Microsoft also promised that users will receive an automated info as soon as they fire up the software. Read more...

The issue occurs because Microsoft designed MSN Messenger to allow JavaScript contained in Web pages to access a customer's buddy list and, for certain Microsoft sites, the e-mail addresses of the person. "The level of risk is considered low," the Microsoft representative said.