Microsoft confirm flaw in File Transfer Protocol (FTP)
Microsoft has recently confirmed that there is a serious code execution vulnerability in the File Transfer Protocol (FTP) Service in Microsoft Internet Information Services (IIS) versions 5.0, 5.1 and 6.0. To find out more about this exploit we suggest you visit Microsoft
Currently there is no patch, so Microsoft recommends that administrators prevent untrusted users from having write access to the FTP service. The advisory (see link below) contains instructions to:
- Turn off the FTP service if you do not need it
- Prevent creation of new directories using NTFS ACLs
- Prevent anonymous users from writing via IIS settings
Sys Admins will no doubt prevent untrusted users from having write access to the FTP service, so to be honest this is more a ‘flaw’ than an ‘exploit’ and most Sys Admins will know what has to be done. Most home users will not even know what FTP is let alone even use it if they did.
Safe surfing folks!
This entry was posted in malware
. Bookmark the permalink