According to the summary information provided, Microsoft is aware that detailed exploit code has been published on the Internet for this vulnerability but is not currently aware of active attacks that use this exploit code or of customer impact at this time. Active monitoring continues.
Windows Vista, Windows 7 and Windows Server 2008 are not affected. However, Microsoft Windows 2000 Service Pack 4, Windows XP, and Windows Server 2003 are impacted.
For additional details and workarounds, see the following:
- TechNet: Microsoft Security Advisory (975191): Vulnerability in Internet Information Services FTP Service Could Allow for Remote Code Execution.
- MSRC Blog, Microsoft Security Advisory 975191 Released
- Security Research & Defense Blog: New vulnerability in IIS5 and IIS6.
Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...