MS Flaw: Important Security Information: Upgrade to File Transfer Mana


Recommended Posts

-----BEGIN PGP SIGNED MESSAGE-----

Dear Microsoft Customer -

The Microsoft Security Response Center has learned of a security

vulnerability affecting a software component used only by members of

certain Microsoft customer programs. You've received this mail

because you have registered as a member of one of the programs and

may have come in contact with the component that contains the

vulnerability. Microsoft believes that only a small number of

customers actually are at risk, but we do urge you to use the

following information to ensure that your system is secure.

The vulnerability could enable an attacker to gain control over

another user's system. It lies in a software component called the

File Transfer Manager (FTM), the purpose of which is to allow members

of Microsoft beta programs, MSDN, Microsoft Volume Licensing

Services, and a small number of other Microsoft programs to download

software from certain Microsoft sites. The FTM is only distributed

through these programs, but not every member has installed it. Even

among customers who have installed it, not all are at risk, as only

certain versions contain the vulnerability.

Microsoft recommends that all customers receiving this mail determine

whether the FTM is installed on their systems and, if so, ensure that

they have either upgraded to the latest version (FTM 4.0) or removed

the vulnerable version. A web page

(http://transfers.one.microsoft.com/ftm/install) is available that

provides step-by-step instructions for doing this. The entire

process takes only minutes.

We'd like to thank Andrew Tereschenko for identifying the security

vulnerability and working with us as we developed a solution. We at

Microsoft sincerely apologize for any inconvenience, and look forward

to continuing to work with you as a member of a Microsoft customer

program.

Regards,

The Microsoft Security Response Center

-----BEGIN PGP SIGNATURE-----

Version: PGP 7.1

iQEVAwUBPWF5wI0ZSRQxA/UrAQFNeAf/e1gKOSR1pNrUhXstxCPsEYKNWAv0hkrz

LuqpFJhQkNTHVXdQVm0ecl3JbdUvLQxfhlLhESJOIH/CicXh72Q9fPyYPHUaYuFR

DL5KLF4f4iPCU1wiILnIP6R3G26latuowkmeLf0XYnSRWdYvNaQGHM/qgEesSw/C

rrIpzn0faL9e7AXzHxxsZl+0p84YB3fu6UhUEYNGTudfydvlEolcJ85QOK9419VU

5fw5yLh5/dvKUbhsxl69mvcX7vKupkinZI/LfRfk3xFyS7YaoKs7eUX2D5q4nsT4

FsHURmsG8xNiALV/3Hvt1N7uqotzsUKj03v6dj/Q1pB/eNDRInYjPA==

=mhXa

-----END PGP SIGNATURE-----

Link to comment
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.