Microsoft Security Advisory (975191)

Vulnerabilities in the FTP Service in Internet Information Services

Published: September 01, 2009 | Updated: September 03, 2009
Version: 2.0

General Information

Executive Summary

Microsoft is investigating new public reports of vulnerabilities in the FTP Service in Microsoft Internet Information Services (IIS) 5.0, Microsoft Internet Information Services (IIS) 5.1, Microsoft Internet Information Services (IIS) 6.0, and Microsoft Internet Information Services (IIS) 7.0. The vulnerabilities could allow remote code execution (RCE) on systems running FTP Service on IIS 5.0, or denial of service (DoS) on systems running FTP Service on IIS 5.0, IIS 5.1, IIS 6.0 or IIS 7.0.

Microsoft is aware that detailed exploit code has been published on the Internet for these vulnerabilities. Microsoft is currently aware of limited attacks that use this exploit code. Microsoft is actively monitoring this situation to keep customers informed and to provide customer guidance as necessary.

We are actively working with partners in our Microsoft Active Protections Program (MAPP) to provide information that they can use to provide broader protections to customers.

Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs.

These vulnerabilities were not responsibly disclosed to Microsoft and may put computer users at risk. We continue to encourage responsible disclosure of vulnerabilities. We believe the commonly accepted practice of reporting vulnerabilities directly to a vendor serves everyone's best interests. This practice helps to ensure that customers receive comprehensive, high-quality updates for security vulnerabilities without exposure to malicious attackers while the update is being developed.

Advisory Details

Issue References

For more information about this issue, see the following references:

| References | Identification |
| --- | --- |
| CERT Reference | VU#276653 |
| CVE Reference | CVE-2009-3023 (RCE on IIS 5.0 and DoS on IIS 5.1 and IIS 6.0) |
| | CVE-2009-2521 (DoS on IIS 5.0, IIS 5.1, IIS 6.0, and IIS 7.0) |
| Microsoft Knowledge Base Article | 975191 |

Affected and Non-Affected Software

This advisory discusses the following software....
This document was uploaded on 12/05/2009.
- Spring '09
- Computer Security