Important Information about File Transfer Manager on Beta Place

Dear Microsoft Customer –

The Microsoft Security Response Center has learned of a security vulnerability affecting a software component used only by members of certain Microsoft customer programs.  You’ve received this mail because you have registered as a member of one of the programs and may have come in contact with the component that contains the vulnerability.  Microsoft believes that only a small number of customers actually are at risk, but we do urge you to use the following information to ensure that your system is secure.

The vulnerability could enable an attacker to gain control over another user’s system.  It lies in a software component called the File Transfer Manager (FTM), the purpose of which is to allow members of Microsoft beta programs, MSDN, Microsoft Volume Licensing Services, and a small number of other Microsoft programs to download software from certain Microsoft sites.  The FTM is only distributed through these programs, but not every member has installed it.  Even among customers who have installed it, not all are at risk, as only certain versions contain the vulnerability. 

Microsoft recommends that all customers receiving this mail determine whether the FTM is installed on their systems and, if so, ensure that they have either upgraded to the latest version (FTM 4.0) or removed the vulnerable version.  A web page (http://transfers.one.microsoft.com/ftm/install) is available that provides step-by-step instructions for doing this.  The entire process takes only minutes.

We’d like to thank Andrew Tereschenko for identifying the security vulnerability and working with us as we developed a solution.  We at Microsoft sincerely apologize for any inconvenience, and look forward to continuing to work with you as a member of a Microsoft customer program.

Regards,

The Microsoft Security Response Center

Comment On This Story