On a computer that is running Windows 2000 or Windows XP, the FTP service is installed in Internet Information Services (IIS) 5.0 or IIS 5.1. You apply security update 975254 on this FTP server. In this situation, you may experience the following issues when you use an FTP client to connect to an FTP site that is located on this FTP server.
After the FTP client sends a QUIT command to the FTP service, the FTP service adds some additional characters to the response unexpectedly. For example, the FTP service typically sends the response "221" after it receives a QUIT command. However, the response contains the additional characters ".Bs.". This may cause the FTP client to function incorrectly.
The IIS FTP service is configured to display UNIX-style directory listings. When you send an FTP DIR command to the FTP service by using the FTP client, permission information is not displayed in the response.
For example, a line of dashes are displayed instead of permission information:
ftp> dir200 PORT command successful.150 Opening ASCII mode data connection for /bin/ls.---------- 1 owner group 5 Oct 27 17:42 A.MIN
A supported hotfix is available from Microsoft. However, this hotfix is intended to correct only the problem that is described in this article. Apply this hotfix only to systems that are experiencing this specific problem.
If the hotfix is available for download, there is a "Hotfix download available" section at the top of this Knowledge Base article. If this section does not appear, submit a request to Microsoft Customer Service and Support to obtain the hotfix.
Note If additional issues occur or if any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific hotfix. For a complete list of Microsoft Customer Service and Support telephone numbers or to create a separate service request, visit the following Microsoft Web site:
Note The "Hotfix download available" form displays the languages for which the hotfix is available. If you do not see your language, it is because a hotfix is not available for that language.
You must have the FTP service installed in IIS 5.0 or IIS 5.1 to apply this hotfix. Also the computer must be running one of the following operating systems:
Windows 2000 Service Pack 4 (SP4)
Windows XP Service Pack 3 (SP3)
You must restart the computer if any affected files are being used when you apply this hotfix. To avoid having to restart the computer, stop the FTP Publishing Service before you apply this hotfix.
Hotfix replacement information
This hotfix does not replace other hotfixes.
The English version of this hotfix has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.
For all supported x86-based versions of Windows 2000 SP4
For all supported x86-based versions of Windows XP SP3
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
For more information about security update 975254, click the following article number to view the article in the Microsoft Knowledge Base:
975254 MS09-053: Vulnerabilities in FTP Service for Internet Information Services could allow remote code execution