NT Versions Affected:
3.5, 3.51, 4.0
Problem:
The FTP service allows passive connections to be established based on the port address supplied by the client. An attacker can abuse this facility to execute malicious commands off the FTP service.
The registry key <System\CurrentControlSet\Services\MSFTPSVC\Parameters> contains the value <EnablePortAttack: REG_DWORD: >, which can enable this behaviour. Verify that this value is '0', not '1'.
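One way to run this check offline against a regedit text export, as an added example that is not part of the original advisory. The HKEY_LOCAL_MACHINE hive, the export layout of the constructed samples and the function name `audit_export` are assumptions.

```python
import re

# Assumption: the key sits under HKEY_LOCAL_MACHINE; the page gives the path without a hive.
KEY = r"HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSFTPSVC\Parameters"
VALUE = "EnablePortAttack"
ENTRY = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
DWORD = re.compile(r"^dword:([0-9a-fA-F]{1,8})$")

def audit_export(text):
    """Classify a regedit text export: ok, enabled, wrong-type or not-set."""
    in_key, result = False, "not-set"
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            # Registry key names are case-insensitive.
            in_key = line[1:-1].lower() == KEY.lower()
            continue
        m = ENTRY.match(line) if in_key else None
        if not m or m.group(1).lower() != VALUE.lower():
            continue
        d = DWORD.match(m.group(2).strip())
        if not d:
            result = "wrong-type"  # present, but not the REG_DWORD the page specifies
        else:
            # Only 0 passes the page's check; any other number is reported as enabled.
            result = "ok" if int(d.group(1), 16) == 0 else "enabled"
    return result

# Constructed sample exports (not taken from a real host).
SAMPLE_OK = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Example\Parameters]
"EnablePortAttack"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSFTPSVC\Parameters]
"EnablePortAttack"=dword:00000000
"""
SAMPLE_ENABLED = SAMPLE_OK.replace("dword:00000000", "dword:00000001")
SAMPLE_ABSENT = "REGEDIT4\n\n[" + KEY + "]\n"
SAMPLE_STRING = SAMPLE_OK.replace("dword:00000000", '"0"')

if __name__ == "__main__":
    for name in ("SAMPLE_OK", "SAMPLE_ENABLED", "SAMPLE_ABSENT", "SAMPLE_STRING"):
        print(name, "->", audit_export(globals()[name]))
```

A result of `not-set` or `wrong-type` means the export does not show the value as '0' and the host needs a manual look.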
Verification:
http://www.microsoft.com/kb/articles/q147/6/21.htm