A denial-of-service (DoS) risk has been reported in the IIS FTP 7.5 service that ships with Windows 7 and Windows Server 2008 R2. An attacker can take advantage of the FTP response mechanism and cause a heap buffer overrun. Microsoft states that there is no risk of malicious code execution. Exploiting this vulnerability can therefore cause a DoS on the FTP service, but it does not affect IIS web services.
If you do not intend to use the IIS FTP service, it is recommended that you stop it. Note that the service is not installed by default. Microsoft will be releasing a security update or additional guidance to help customers protect themselves against this vulnerability.
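One way to carry out the recommendation to stop an unused FTP service, as an added PowerShell example that is not Microsoft's own guidance. It assumes the FTP 7.5 service is registered under the name `ftpsvc`; the function name `Disable-UnusedFtpService` is hypothetical.

```powershell
# Added example: audit the IIS FTP service and, if present, stop and disable it.
# Assumption: the FTP 7.5 service is registered under the name 'ftpsvc'.
function Disable-UnusedFtpService {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [string]$ServiceName = 'ftpsvc'
    )

    # The service is not installed by default, so absence is the common case.
    $svc = Get-Service -Name $ServiceName -ErrorAction SilentlyContinue
    if (-not $svc) {
        Write-Output "$ServiceName is not installed; nothing to do."
        return
    }

    # Win32_Service exposes the start mode, which Get-Service does not on PowerShell 2.0.
    $wmi = Get-WmiObject -Class Win32_Service -Filter "Name='$ServiceName'"
    Write-Output "$ServiceName found: Status=$($svc.Status), StartMode=$($wmi.StartMode)"

    # Stop the running service so it no longer answers FTP clients.
    if ($svc.Status -ne 'Stopped') {
        if ($PSCmdlet.ShouldProcess($ServiceName, 'Stop service')) {
            Stop-Service -Name $ServiceName -Force
        }
    }

    # Disable it so it does not come back after a reboot.
    if ($wmi.StartMode -ne 'Disabled') {
        if ($PSCmdlet.ShouldProcess($ServiceName, 'Set startup type to Disabled')) {
            Set-Service -Name $ServiceName -StartupType Disabled
        }
    }
}

# Dry run first; remove -WhatIf and run from an elevated prompt to apply.
Disable-UnusedFtpService -WhatIf
```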
For more information, visit Microsoft’s Security Research & Defense.