- Microsoft this week warned members of its developer network and beta and volume licensing programs about a vulnerability in certain older versions of the File Transfer Manager component they may be using to download software from its relevant sites.
The vulnerability could enable an intruder to gain control over a user's system, according to the email Microsoft said it issued yesterday to potential users of its File Transfer Manager.
Casey McGee, a spokesman for Microsoft's Waggener Edstrom public relations firm, says the company believes no more than a "few thousand users" are now at risk. Figures show the "vast majority" of users have downloaded the 4.0 version of the File Transfer Manager, which has been available since June and isn't considered vulnerable.
"We believe that no more than about 50,000 users were ever exposed to the vulnerable control," McGee says. "And of that 50,000, there's reason to be believe that the vast majority had already upgraded."
Regardless, Microsoft urged all users of its developer network and beta and volume licensing programs to determine if the File Transfer Manager is installed on their systems. If it is, those users are advised to either upgrade to the latest 4.0 version of the File Transfer Manager or remove the vulnerable version by following step-by-step instructions that can be found online.
The security vulnerability was identified by Andrew Tereschenko, who lists his address at the TAG Software Research Lab in Odessa, Ukraine. In its letter to customers, Microsoft thanked Tereschenko for working with the company to develop a solution to the problem.