Microsoft Security Advisory (975191)

[pete319]

Vulnerability in Internet Information Services FTP Service Could Allow for Remote Code Execution
Published or Last Updated: 9/1/2009

For more details visit:http://www.calendarofupdates.com/updates/index.php?showtopic=22546

[CharleyO]

***

Thanks for the info, pete.


***

[pete319]

***

Thanks for the info, pete.


***

Your welcome CharleyO 

[Alan Baxter]

Thank you for letting us know, Pete. I'm glad you gave me a heads-up so I could check it out. It looks like those of us that aren't actually running an FTP service on a vulnerable system are safe. That's probably most of us, fortunately.  (See Mitigating Factors below if you're running XP or Server 2003.)

Affected Software: Operating System | Component

Microsoft Windows 2000 Service Pack 4 | Microsoft Internet Information Services 5.0
Windows XP Service Pack 2 and Windows XP Service Pack 3 | Microsoft Internet Information Services 5.1
Windows XP Service x64 Edition Service Pack 2 | Microsoft Internet Information Services 6.0
Windows Server 2003 Service Pack 2 | Microsoft Internet Information Services 6.0
Windows Server 2003 x64 Edition Service Pack 2 | Microsoft Internet Information Services 6.0
Windows Server 2003 with SP2 for Itanium-based Systems | Microsoft Internet Information Services 6.0

http://www.microsoft.com/technet/security/advisory/975191.mspx

Mitigating Factors

Mitigation refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of this issue. The following mitigating factors may be helpful in your situation:
•   

FTP service is not installed by default on all supported editions of Windows XP or Windows Server 2003. However, FTP service is installed by default on all supported editions of Microsoft Windows 2000 and all supported editions of Windows Small Business Server 2003.

[pete319]

Thanks Alan for the added info in your reply