Monday, September 7, 2009 1:39 AM
Denial of Service attach detailed against IIS 5 / IIS 6 FTP Service
Kingcope has published an exploit to the Bugtraq mailing list for IIS FTP service running on IIS5, IIS6 and IIS7 (when running FTP v6). Note that IIS 7 running FTP v7 and IIS 7.5 are not affected.
Microsoft has an official advisory, and some more details are available on the Secunia blog. My fellow MVPs are not reporting 100% results against every version of IIS FTP, but everyone is advised to follow work arounds on the Microsoft website, and keep an eye out for developments.