Microsoft is putting the final touches on a patch to limit an MSN Messenger feature that allowed any Web site to grab a visitor's IM nickname and buddy list. While representatives for the Microsoft Network have said no customers have fallen prey to the potential privacy problem, the group plans to release early next week an updated version of MSN Messenger that fixes the problem. "In order to implement the fix, customers will have to upgrade to the next version of MSN messenger," a representative for the software behemoth said on Friday. The issue occurs because Microsoft designed MSN Messenger to allow JavaScript contained in Web pages to access a customer's buddy list and, for certain Microsoft sites, the e-mail addresses of the person. Software engineer Richard Burton highlighted the privacy implications of the feature in a post to SecurityFocus' BugTraq mailing list recently. The ill-conceived feature comes at a poor time for the software giant. After Microsoft releases the fixed version, MSN Messenger users will receive notification when they start up the application that the new software is ready for download. "The level of risk is considered low," the Microsoft representative said.