Microsoft Windows IIS FTP Service Multiple Vulnerabilities( 14 October 2009 )

Impact

• Denial of Service
• Remote Code Execution

System / Technologies affected

• Microsoft Windows 2000
• Windows XP
• Windows Server 2003
• Windows Vista
• Windows Server 2008
• Microsoft Internet Information Services 5.0 (FTP Service 5.0)
• Microsoft Internet Information Services 5.1 (FTP Service 5.1)
• Microsoft Internet Information Services 6.0 (FTP Service 6.0)
• Microsoft Internet Information Services 7.0 (FTP Service 6.0)

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

Download locations for this patch

• Microsoft Internet Information Services 5.0 (FTP Service 5.0)
  - Microsoft Windows 2000 Service Pack 4
• Microsoft Internet Information Services 5.1 (FTP Service 5.1)
  - Windows XP Service Pack 2 and Windows XP Service Pack 3
  - Windows XP Professional x64 Edition Service Pack 2
• Microsoft Internet Information Services 6.0 (FTP Service 6.0)
  - Windows Server 2003 Service Pack 2
  - Windows Server 2003 x64 Edition Service Pack 2
  - Windows Server 2003 with SP2 for Itanium-based Systems
• Microsoft Internet Information Services 7.0 (FTP Service 6.0)
  - Windows Vista, Windows Vista Service Pack 1, and Windows Vista Service Pack 2
  - Windows Vista x64 Edition, Windows Vista x64 Edition Service Pack 1, and Windows Vista x64 Edition Service Pack 2
  - Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2
  - Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2
  - Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2

Vulnerability Identifier

• CVE-2009-2521
• CVE-2009-3023

Source

• Microsoft

Related Link

• http://www.microsoft.com/technet/security/bulletin/MS09-053.mspx