A denial of service vulnerability exists when Windows improperly handles File Transfer Protocol (FTP) connections. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. To exploit the vulnerability, an unauthenticated attacker could send specially crafted packets to a Windows computer with the FTP Server role enabled that is accepting connections on TCP port 21. The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to cause a target system to stop responding. The security update addresses the vulnerability by correcting how Windows handles FTP connections.