Security update released for FTP 7.0 and FTP 7.5 0-day

In the later half of December 2010, an FTP 7.X exploit was published on http://www.exploit-db.com/exploits/15803/.

We posted a risk assessment in a blog on the Security Research and Defense team’s blog http://blogs.technet.com/b/srd/archive/2010/12/22/assessing-an-iis-ftp-7-5-unauthenticated-denial-of-service-vulnerability.aspx

This issue now has a fix available http://www.microsoft.com/technet/security/bulletin/ms11-004.mspx. Please make note of the known issues for patching on Windows Server 2008 Server Core in http://support.microsoft.com/kb/2489256. The fix is available for both the Download Center version of FTP and the optional component in Windows 7 and Windows Server 2008 R2.

You can find more information on this issue on http://blogs.technet.com/b/srd/archive/2011/02/08/regarding-ms11-004-addressing-an-iis-ftp-services-vulnerability.aspx