Microsoft confirm flaw in File Transfer Protocol (FTP)

Microsoft has recently confirmed that there is a serious code execution vulnerability in the File Transfer Protocol (FTP) Service in Microsoft Internet Information Services (IIS) versions 5.0, 5.1 and 6.0. To find out more about this exploit we suggest you visit Microsoft

Currently there is no patch, so Microsoft recommends that administrators prevent untrusted users from having write access to the FTP service. The advisory (see link below) contains instructions to:

  • Turn off the FTP service if you do not need it
  • Prevent creation of new directories using NTFS ACLs
  • Prevent anonymous users from writing via IIS settings
Sys Admins should also check: Microsoft Advisory
Sys Admins will no doubt prevent untrusted users from having write access to the FTP service, so to be honest this is more a ‘flaw’ than an ‘exploit’ and most Sys Admins will know what has to be done. Most home users will not even know what FTP is let alone even use it if they did.

Safe surfing folks!
Julian

This entry was posted in malware, windows. Bookmark the permalink.

2 Responses to Microsoft confirm flaw in File Transfer Protocol (FTP)

  1. Sanjay Kumar says:

    I am Sanjay Kumar from India at Delhi. I would like to know how we are protect our FTP Account and how we create external FTP account.

    I don't know about external FTP account bu my website: http://www.moneyinhands.com is infected during the FTP login, so please suggest me properly which types of steps we do follow to ignore this problem in future.

  2. Julian says:

    Please contact our support team: "support at id-theftprotect.co.uk" who will suggest ways to remove and stop this problem.

Leave a Reply

Your email address will not be published. Required fields are marked *