Re: File Transfer Manager (FTM) vulnerablity???

From: Jim Corio (jimmy@yuppieghetto.com)
Date: 08/29/02


From: jimmy@yuppieghetto.com (Jim Corio)
Date: 29 Aug 2002 07:56:59 -0700


Seeing as you can vouch for the validity, can you provide any
information to the vulnerability? May we already have mitigating
processes in place to prevent exploitation? I don't feel comfortable
putting a patch on just because a vendor says to... I need to
understand where the vulnerability is and to what extent it can be
exploited.

Is there someplace that has this type of information.

Jim

"Rich Benack [MS]" <richbe@online.microsoft.com> wrote in message news:<O9hd3KjSCHA.2392@tkmsftngp13>...
> Please be advised that this mailing is indeed a valid Microsoft Security
> Response Center mailing concerning a security vulnerability in a Microsoft
> product. Due to the targeted ability of Microsoft to reach all of the
> subscribers to this service, because registration for File Transfer Manager
> is required, the Microsoft Security Response Center did not issue a Security
> Bulletin for this alert. You can always however verify the integrity of
> mailings from the Microsoft Security Response Center by verifying the PGP
> Key with which the mailing is signed.
>
> Rich
>
> This posting is provided "AS IS" with no warranties, and confers no rights
>
>
> "Michael Weiss" <FooWeissBarMike@hotmail.com> wrote in message
> news:#QEbZ8ESCHA.1672@tkmsftngp12...
> > I received this email below, is this legit?
> >
> > -----BEGIN PGP SIGNED MESSAGE-----
> >
> > Dear Microsoft Customer -
> >
> > The Microsoft Security Response Center has learned of a security
> >
> > vulnerability affecting a software component used only by members of
> >
> > certain Microsoft customer programs. You've received this mail
> >
> > because you have registered as a member of one of the programs and
> >
> > may have come in contact with the component that contains the
> >
> > vulnerability. Microsoft believes that only a small number of
> >
> > customers actually are at risk, but we do urge you to use the
> >
> > following information to ensure that your system is secure.
> >
> >
> > The vulnerability could enable an attacker to gain control over
> >
> > another user's system. It lies in a software component called the
> >
> > File Transfer Manager (FTM), the purpose of which is to allow members
> >
> > of Microsoft beta programs, MSDN, Microsoft Volume Licensing
> >
> > Services, and a small number of other Microsoft programs to download
> >
> > software from certain Microsoft sites. The FTM is only distributed
> >
> > through these programs, but not every member has installed it. Even
> >
> > among customers who have installed it, not all are at risk, as only
> >
> > certain versions contain the vulnerability.
> >
> > Microsoft recommends that all customers receiving this mail determine
> >
> > whether the FTM is installed on their systems and, if so, ensure that
> >
> > they have either upgraded to the latest version (FTM 4.0) or removed
> >
> > the vulnerable version. A web page
> >
> > (http://transfers.one.microsoft.com/ftm/install) is available that
> >
> > provides step-by-step instructions for doing this. The entire
> >
> > process takes only minutes.
> >
> >
> > We'd like to thank Andrew Tereschenko for identifying the security
> >
> > vulnerability and working with us as we developed a solution. We at
> >
> > Microsoft sincerely apologize for any inconvenience, and look forward
> >
> > to continuing to work with you as a member of a Microsoft customer
> >
> > program.
> >
> >
> >
> > Regards,
> >
> > The Microsoft Security Response Center
> >
> > -----BEGIN PGP SIGNATURE-----
> >
> > Version: PGP 7.1
> >
> > iQEVAwUBPWF5wI0ZSRQxA/UrAQFNeAf/e1gKOSR1pNrUhXstxCPsEYKNWAv0hkrz
> >
> > LuqpFJhQkNTHVXdQVm0ecl3JbdUvLQxfhlLhESJOIH/CicXh72Q9fPyYPHUaYuFR
> >
> > DL5KLF4f4iPCU1wiILnIP6R3G26latuowkmeLf0XYnSRWdYvNaQGHM/qgEesSw/C
> >
> > rrIpzn0faL9e7AXzHxxsZl+0p84YB3fu6UhUEYNGTudfydvlEolcJ85QOK9419VU
> >
> > 5fw5yLh5/dvKUbhsxl69mvcX7vKupkinZI/LfRfk3xFyS7YaoKs7eUX2D5q4nsT4
> >
> > FsHURmsG8xNiALV/3Hvt1N7uqotzsUKj03v6dj/Q1pB/eNDRInYjPA==
> >
> > =mhXa
> >
> > -----END PGP SIGNATURE-----
> >
> >
> >
> >
> >
> > *******************************************************************
> >
> > You have received this e-mail bulletin because you are a member of one or
> > more Microsoft customer programs that distribute the File Transfer
> Manager.
> > You have not been subscribed to any newsletters; this is a one-time
> mailing.
> >
> >
> > To verify the digital signature on this bulletin, please download our PGP
> > key at http://www.microsoft.com/technet/security/notify.asp.
> >
> >
> > For security-related information about Microsoft products, please visit
> the
> > Microsoft Security web site at http://www.microsoft.com/security.
> >
> >
> >



Relevant Pages

  • SecurityFocus Microsoft Newsletter #176
    ... MICROSOFT VULNERABILITY SUMMARY ... Microsoft Windows XP HCP URI Handler Arbitrary Command Execu... ... PHPNuke Category Parameter SQL Injection Vulnerability ... Microsoft Baseline Security Analyzer Vulnerability Identific... ...
    (Focus-Microsoft)
  • SecurityFocus Microsoft Newsletter #83
    ... MICROSOFT VULNERABILITY SUMMARY ... Microsoft IIS CodeBrws.ASP Source Code Disclosure Vulnerability ... Microsoft Internet Explorer History List Script Injection ... Microsoft Windows 2000 Lanman Denial of Service Vulnerability ...
    (Focus-Microsoft)
  • SecurityFocus Microsoft Newsletter #81
    ... MICROSOFT VULNERABILITY SUMMARY ... WWWIsis Remote Command Execution Vulnerability ... Windows NT 4.0 Print Spooler Security ...
    (Focus-Microsoft)
  • SecurityFocus Microsoft Newsletter #336
    ... MICROSOFT VULNERABILITY SUMMARY ... Microsoft Windows Unspecified Remote Code Execution Vulnerability ... Microsoft Windows Explorer BMP Image Denial of Service Vulnerability ... An attacker could leverage this issue to have arbitrary code execute with kernel level privileges. ...
    (Focus-Microsoft)
  • SecurityFocus Microsoft Newsletter #185
    ... NEW MICROSOFT VULNERABILITIES - Audit Your Network Security ... SurgeLDAP User.CGI Directory Traversal Vulnerability ... Microsoft Windows H.323 Remote Buffer Overflow Vulnerability ... Microsoft Jet Database Engine Remote Code Execution Vulnerab... ...
    (Focus-Microsoft)