Microsoft has warned members of its developer network and beta and
volume licensing programs about a vulnerability in some older
versions of the File Transfer Manager component they may be using
to download software from Microsoft sites.
The vulnerability could enable an intruder to gain control over a
user's system, according to an e-mail Microsoft said it issued
yesterday (21 August) to potential users of its File Transfer
Manager.
A Microsoft spokesman said the company believes no more than a "few
thousand users" are now at risk. Figures show the "vast majority"
of users have downloaded the 4.0 version of the File Transfer
Manager that has been available since June and is not considered
vulnerable.
"We believe that no more than about 50,000 users were ever exposed
to the vulnerable control. Of that 50,000, there's reason to be
believe that the vast majority had already upgraded," the company
said.
Despite this, Microsoft urged all users of its developer network
and beta and volume licensing programs to determine if the File
Transfer Manager is installed on their systems.
If it is, those users are advised to either upgrade to the latest
4.0 version of the File Transfer Manager or remove the vulnerable
version by following step-by-step instructions that can be found
online.