Microsoft Windows Messenger Service Social Engineering Weakness
High Nessus Plugin ID 10458
SynopsisThe remote service allows users to send pop-up messages to each other.
DescriptionThe messenger service is running. This service allows NT users to send pop-up messages to each other.
This service can be abused by anyone who can trick valid users into doing some actions that may harm their accounts or your network (social engineering attack).
SolutionDisable this service.
How to disable this service under NT 4 :
- open the 'Services' control panel
- select the 'messenger' service, and click 'Stop'
- click on 'Startup...' and change to radio button of the field 'Startup Type' from 'Automatic' to 'Disabled'
Under Windows 2000 :
- open the 'Administration tools' control panel
- open the 'Services' item in it
- double click on the 'messenger' service
- click on 'stop'
- change the drop-down menu value from the field 'Startup Type' from 'Automatic' to 'Disabled'