Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Microsoft Security Advisory 975191 Revised


04 Sep 2009   #1

 
Microsoft Security Advisory 975191 Revised

Quote:
Hi Everyone,



Today we updated Security Advisory 975191as we are now seeing limited attacks. Additionally, a new proof of concept published allowing for Denial of Service (DoS) attacks on Windows XP and Windows Server 2003 with read access to the File Transfer Protocol (FTP) service. This does not require Write access. Also, a new POC allowing DoS was disclosed this afternoon that affects the version of FTP 6 which shipped with Windows Vista and Windows Server 2008. Customers should be aware that the Download Center has FTP 7.5 available for Windows Vista and Windows Server 2008. FTP 7.5 is not vulnerable to any of these exploits.

The initial vulnerability was not responsibly disclosed to Microsoft, which has led to limited, active attacks putting customers at risk. We continue to encourage responsible disclosure of vulnerabilities. We believe the commonly accepted practice of reporting vulnerabilities directly to a vendor serves everyone's best interests. This practice helps to ensure that customers receive comprehensive, high-quality updates for security vulnerabilities without exposure to malicious attackers while the update is being developed.



Microsoft recommends customers review and implement the workarounds provided in the Advisory under the Workaround section. More information on suggested actions can be found in Microsoft Knowledge Base Article 975191.



While these workarounds do not completely mitigate the threat of DoS, we’re currently investigating the issue as part of our Software Security Incident Response Process (SSIRP) and working to develop a security update. This update will be released once it reaches an appropriate level of quality for broad distribution.

Additionally, we are actively working with partners in our Microsoft Active Protections Program (MAPP) as well as the Microsoft Security Response Alliance (MSRA) to share information that they can use to provide broader protections to customers.



For more technical details on the advisory, please see what our colleagues have written on Microsoft’s Internet Information Services (IIS) blog here: Microsoft IIS Blog. As always, be sure to check back here on the Microsoft Security Response Center (MSRC) blog or in the advisory for any additional information or updates that develop.



Thank you,

Alan Wallace



*This posting is provided "AS IS" with no warranties, and confers no rights*



More...

My System SpecsSystem Spec
.

Reply

 Microsoft Security Advisory 975191 Revised




Thread Tools



Similar help and support threads for2: Microsoft Security Advisory 975191 Revised
Thread Forum
Microsoft Security Advisory (2490606) Windows Updates & Activation
Microsoft Security Advisory (2488013) Windows Updates & Activation
Microsoft Security Advisory (2286198) News
Microsoft Security Advisory (980088) System Security
IE Microsoft Security Advisory (979352) Browsers & Mail
Microsoft Security Advisory 975191 Released News
Microsoft Security Advisory 973882, Microsoft Security News

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd

All times are GMT -5. The time now is 12:12 AM.
Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App
  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33