Microsoft fixes vulnerability in Download Software

August 22, 2002

Media giant on Tuesday warned developers and select users of a security vulnerability in utility they used to download software from Microsoft Web sites. The flaw could allow an attacker to take over vulnerable systems, according to a security alert distributed by Microsoft on Tuesday. Microsoft says it believes that only a small number of its customers are affected by the flaw.

The vulnerability is in the File Transfer Manager (FTM) program that is used to automatically download software for use with some Microsoft services. FTM is distributed to beta testers, companies participating in volume licensing programs and Microsoft Developer Network (MSDN) subscribers.

To fix the vulnerability, Microsoft strongly urges customers using FTM to upgrade to the newest version. Microsoft released the new version, FTM 4.0.0.72, in late June. Affected customers can download the new version from Microsoft's FTM Web site.

In its alert to customers, Microsoft thanked Russian programmer Andrew Tereschenko for identifying the security flaw, which the company would not clearly identify.

Microsoft has been issuing security alerts on a quite frequent basis since January, when Bill Gates made security a top priority for the company. Microsoft's security Web site lists 41 alerts issued so far this year compared to about 46 for the same period a year ago. The most vulnerable applications seem to be Internet Explorer browser and Outlook email client.