Microsoft has managed to put itself in an uncomfortable position after serving malicious code to Windows Live Messenger users via ads embedded in the instant messaging client. According to the Redmond Company, actions were taken swiftly in order to remove an advertisement banner featured for several days in the IM program that pointed to a “security” solution delivering anything but security.

“We have learned that Microsoft was notified of malware that was being served through ads placed in Windows Live Messenger banners. As a result of this notification Microsoft immediately investigated the reports and removed the offending ads, as this is a violation of Microsoft’s ad serving policy. Microsoft can confirm that the ads are no longer being served by any Microsoft system,” said Whitney Burk, a company PR manager.

The banners in Windows Live Messenger were pushing Errorsafe, also known as Winfixer, an application that has been labeled as a potentially unwanted program or a security risk. Additionally, the Redmond Company has also SystemDoctor 2006, a rogue antispyware/malware application installed by malware.

“Microsoft apologizes for the inconvenience and is reviewing it’s ad approval process to reduce the chance of an occurrence such as this happening again. To help customers protect their PCs from malware threats, Microsoft recommends customers follow our Protect your PC guidance at,” Burk added.

The bottom line is: exercise caution when deploying security solutions backed by unknown or untrusted developers. The fact that Errorsafe/Winfixer was advertised via Windows Live Messenger means that other legitimate services and applications could serve as attack vectors.