New Content to Address CVE-2023-42657 for WS_FTP in bigfix.me
BigFix has new content to address CVE-2023-42657, a critical directory traversal vulnerability in WS_FTP Server.
While WS_FTP is not a component of BigFix and we generally don’t support it for Patch content, we saw that a large portion of our community might be at risk for impact from this exploit and we wanted to help.
Where to Find the Fixlet
We have a fixlet published to bigfix.me available to all customers. This fixlet is community content and can be found here: https://bigfix.me/fixlet/details/27009
What the Fixlet Does
The fixlet detects the WS_FTP Server service on Windows and stops the WS_FTP service. If you want to take it further, you can edit the fixlet to disable the service. To do that, you would change the following line:
concatenation "%0d%0a" of ("sc stop %22" & item 0 of it & "%22")
concatenation "%0d%0a" of ("sc stop %22" & item 0 of it & "%22"; "sc config %22" & item 0 of it & "%22 start= disabled")
This modification will disable the WS_FTP service from starting automatically on system boot.
BigFix Recommends This Fixlet
We encourage all customers to deploy this fixlet as soon as possible to mitigate the risk of exploitation.
Please note: This fixlet is community content and has not been officially tested or supported by BigFix. We recommend that you test the fixlet in a staging environment before deploying it to production.