File Transfer Manager (FTM) vulnerability???

From: Michael Weiss (FooWeissBarMike@hotmail.com)
Date: 08/20/02


From: "Michael Weiss" <FooWeissBarMike@hotmail.com>
Date: Tue, 20 Aug 2002 09:37:00 -0400


I received this email below. Is this legit?

-----BEGIN PGP SIGNED MESSAGE-----

Dear Microsoft Customer -

The Microsoft Security Response Center has learned of a security
vulnerability affecting a software component used only by members of
certain Microsoft customer programs. You've received this mail
because you have registered as a member of one of the programs and
may have come in contact with the component that contains the
vulnerability. Microsoft believes that only a small number of
customers actually are at risk, but we do urge you to use the
following information to ensure that your system is secure.

The vulnerability could enable an attacker to gain control over
another user's system. It lies in a software component called the
File Transfer Manager (FTM), the purpose of which is to allow members
of Microsoft beta programs, MSDN, Microsoft Volume Licensing
Services, and a small number of other Microsoft programs to download
software from certain Microsoft sites. The FTM is only distributed
through these programs, but not every member has installed it. Even
among customers who have installed it, not all are at risk, as only
certain versions contain the vulnerability.

Microsoft recommends that all customers receiving this mail determine
whether the FTM is installed on their systems and, if so, ensure that
they have either upgraded to the latest version (FTM 4.0) or removed
the vulnerable version. A web page
(http://transfers.one.microsoft.com/ftm/install) is available that
provides step-by-step instructions for doing this. The entire
process takes only minutes.

We'd like to thank Andrew Tereschenko for identifying the security
vulnerability and working with us as we developed a solution. We at
Microsoft sincerely apologize for any inconvenience, and look forward
to continuing to work with you as a member of a Microsoft customer
program.

Regards,

The Microsoft Security Response Center

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.1
-----END PGP SIGNATURE-----

*******************************************************************

You have received this e-mail bulletin because you are a member of one or
more Microsoft customer programs that distribute the File Transfer Manager.
You have not been subscribed to any newsletters; this is a one-time mailing.

To verify the digital signature on this bulletin, please download our PGP
key at http://www.microsoft.com/technet/security/notify.asp.

For security-related information about Microsoft products, please visit the
Microsoft Security web site at http://www.microsoft.com/security.


