{[ promptMessage ]}

Bookmark it

{[ promptMessage ]}

Edited Version of Microsoft Security Advisory 975191 - 20090908

Edited Version of Microsoft Security Advisory 975191 - 20090908

Info icon This preview shows pages 1–3. Sign up to view the full content.

View Full Document Right Arrow Icon
Microsoft Security Advisory (975191) Vulnerabilities in the FTP Service in Internet Information Services Published: September 01, 2009  |  Updated: September 03, 2009 Version:  2.0 General Information Executive Summary Microsoft is investigating  new public reports of vulnerabilities in the  FTP Service in  Microsoft Internet Information Services (IIS) 5.0, Microsoft Internet Information Services  (IIS) 5.1, Microsoft Internet Information Services (IIS) 6.0, and Microsoft Internet Information Services (IIS) 7.0. The vulnerabilities could allow  remote code execution (RCE)  on systems  running FTP Service on IIS 5.0, or  denial of service (DoS) on  systems running FTP Service on IIS 5.0, IIS 5.1, IIS 6.0 or IIS 7.0. Microsoft is aware that detailed exploit code has been published on the Internet for these vulnerabilities. Microsoft is currently aware of limited attacks that use this exploit  code. Microsoft is actively monitoring this situation to keep customers informed and to provide customer guidance as necessary. We are actively working with partners in our  Microsoft Active Protections Program  (MAPP) to provide information that they can use to provide broader protections to  customers. Upon completion of this investigation,  Microsoft will take the appropriate action to help protect our customers. This may include providing a security update through our  monthly release process or providing an out-of-cycle security update, depending on customer needs. These vulnerabilities were not responsibly disclosed to Microsoft and may put computer users at risk. We continue to encourage responsible disclosure of vulnerabilities.  We believe the commonly accepted practice of reporting vulnerabilities directly to a vendor serves everyone's best interests. This practice helps to ensure that customers  receive comprehensive, high-quality updates for security vulnerabilities without exposure to malicious attackers while the update is being developed. Advisory Details Issue References For more information about this issue, see the following references: References Identification CERT Reference VU#276653 CVE Reference CVE-2009-3023  (RCE on IIS 5.0 and DoS on IIS 5.1 and IIS 6.0) CVE-2009-2521  (DoS on IIS 5.0, IIS 5.1, IIS 6.0, and IIS 7.0) Microsoft Knowledge Base Article 975191 Microsoft Security Advisory (975191) Page 1
Image of page 1

Info icon This preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
Affected and Non-Affected Software This advisory discusses the following software. Affected Software Operating System Component Microsoft Windows 2000 Service Pack 4 Microsoft Internet Information Services 5.0 (FTP Service 5.0) Windows XP Service Pack 2 and Windows XP Service Pack 3 Microsoft Internet Information Services 5.1 (FTP Service 5.1) Windows XP Professional x64 Edition Service Pack 2 Microsoft Internet Information Services 6.0 (FTP Service 6.0)
Image of page 2
Image of page 3
This is the end of the preview. Sign up to access the rest of the document.

{[ snackBarMessage ]}

What students are saying

  • Left Quote Icon

    As a current student on this bumpy collegiate pathway, I stumbled upon Course Hero, where I can find study resources for nearly all my courses, get online help from tutors 24/7, and even share my old projects, papers, and lecture notes with other students.

    Student Picture

    Kiran Temple University Fox School of Business ‘17, Course Hero Intern

  • Left Quote Icon

    I cannot even describe how much Course Hero helped me this summer. It’s truly become something I can always rely on and help me. In the end, I was not only able to survive summer classes, but I was able to thrive thanks to Course Hero.

    Student Picture

    Dana University of Pennsylvania ‘17, Course Hero Intern

  • Left Quote Icon

    The ability to access any university’s resources through Course Hero proved invaluable in my case. I was behind on Tulane coursework and actually used UCLA’s materials to help me move forward and get everything together on time.

    Student Picture

    Jill Tulane University ‘16, Course Hero Intern