Microsoft IIS FTP Server Vulnerability

A vulnerability in Microsoft’s IIS FTP server has been reported. IIS version 7.5 is vulnerable. It is unknown at this point if other IIS versions are affected. No patch is available yet. Exploit code is publicly available, but results in a of denial of service condition only at this point. Microsoft indicates that remote code execution is unlikely. The IIS FTP service is not installed by default.

References:
http://blogs.technet.com/b/srd/archive/2010/12/22/assessing-an-iis-ftp-7-5-unauthenticated-denial-of-service-vulnerability.aspx
http://www.securityfocus.com/bid/45542

email: david @ sharpesecurity.com
website: www.sharpesecurity.com
Twitter: twitter.com/sharpesecurity
Twitter: twitter.com/patchmanagement

Share

Leave a Reply