Re: File Transfer Manager (FTM) vulnerability???

From: Joe Newell (joen@_removethisheretext_bluelightsw.com)
Date: 08/20/02


From: "Joe Newell" <joen@_removethisheretext_bluelightsw.com>
Date: Tue, 20 Aug 2002 13:47:58 -0600


FWIW, I'm a little wary of its authenticity. There is no security bulletin
number, a Google search turns up no info and I can find no reference to it
on the bug track/security sites.

---joe

"Michael Weiss" <FooWeissBarMike@hotmail.com> wrote in message
news:#QEbZ8ESCHA.1672@tkmsftngp12...
> I received this email below, is this legit?
>
> -----BEGIN PGP SIGNED MESSAGE-----
>
> Dear Microsoft Customer -
>
> The Microsoft Security Response Center has learned of a security
> vulnerability affecting a software component used only by members of
> certain Microsoft customer programs. You've received this mail
> because you have registered as a member of one of the programs and
> may have come in contact with the component that contains the
> vulnerability. Microsoft believes that only a small number of
> customers actually are at risk, but we do urge you to use the
> following information to ensure that your system is secure.
>
> The vulnerability could enable an attacker to gain control over
> another user's system. It lies in a software component called the
> File Transfer Manager (FTM), the purpose of which is to allow members
> of Microsoft beta programs, MSDN, Microsoft Volume Licensing
> Services, and a small number of other Microsoft programs to download
> software from certain Microsoft sites. The FTM is only distributed
> through these programs, but not every member has installed it. Even
> among customers who have installed it, not all are at risk, as only
> certain versions contain the vulnerability.
> Microsoft recommends that all customers receiving this mail determine
> whether the FTM is installed on their systems and, if so, ensure that
> they have either upgraded to the latest version (FTM 4.0) or removed
> the vulnerable version. A web page
> (http://transfers.one.microsoft.com/ftm/install) is available that
> provides step-by-step instructions for doing this. The entire
> process takes only minutes.
>
> We'd like to thank Andrew Tereschenko for identifying the security
> vulnerability and working with us as we developed a solution. We at
> Microsoft sincerely apologize for any inconvenience, and look forward
> to continuing to work with you as a member of a Microsoft customer
> program.
>
> Regards,
> The Microsoft Security Response Center
>
> -----BEGIN PGP SIGNATURE-----
>
> Version: PGP 7.1
>
> -----END PGP SIGNATURE-----
>
> *******************************************************************
>
> You have received this e-mail bulletin because you are a member of one or
> more Microsoft customer programs that distribute the File Transfer Manager.
> You have not been subscribed to any newsletters; this is a one-time mailing.
>
> To verify the digital signature on this bulletin, please download our PGP
> key at http://www.microsoft.com/technet/security/notify.asp.
>
> For security-related information about Microsoft products, please visit the
> Microsoft Security web site at http://www.microsoft.com/security.


