Alert: Microsoft Security Bulletin - MS03-019
From: Russ (Russ.Cooper_at_RC.ON.CA)
Date: 05/28/03
- Previous message: Russ: "Alert: Microsoft Security Bulletin - MS03-018"
- Next in thread: Marc Maiffret: "Re: Alert: MS03-019, Microsoft... wrong, again."
- Reply: Marc Maiffret: "Re: Alert: MS03-019, Microsoft... wrong, again."
Date: Wed, 28 May 2003 13:30:12 -0400
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
http://www.microsoft.com/technet/security/bulletin/MS03-019.asp
Flaw in ISAPI Extension for Windows Media Services Could Cause Denial of Service (817772)
Originally posted: May 28, 2003
Summary
Who should read this bulletin: System administrators running Microsoft® Windows NT 4.0 or Microsoft Windows 2000
Impact of vulnerability: Denial of Service
Maximum Severity Rating: Moderate
Recommendation: System administrators install the patch at the earliest available opportunity.
Affected Software:
- Microsoft Windows NT 4.0
- Microsoft Windows 2000
Non Affected Software:
- Microsoft Windows XP
- Microsoft Windows Server 2003
Technical description:
Microsoft Windows Media Services is a feature of Microsoft Windows 2000 Server, Advanced Server, and Datacenter Server and is also available as a downloadable version for Windows NT 4.0 Server. Windows Media Services contain support for a method of delivering media content to clients across a network known as multicast streaming. In multicast streaming however, the server has no connection or knowledge of the clients that may be receiving the stream coming from the server. To facilitate logging of client information for the server Windows 2000 includes a capability specifically designed for that purpose. To help with this problem, Windows 2000 includes logging capabilities for multicast and unicast transmissions.
This capability is implemented as an Internet Services Application Programming Interface (ISAPI) extension - nsiislog.dll. When Windows Media Services are installed in Windows NT 4.0 Server or added through add/remove programs to Windows 2000, nsiislog.dll is installed to the Internet Information Services (IIS) Scripts directory on the server.
There is a flaw in the way in which nsiislog.dll processes incoming requests. A vulnerability exists because an attacker could send specially formed communications to the server that could cause IIS to stop responding to Internet requests.
Windows Media Services is not installed by default on Windows 2000, and must be downloaded to install on Windows NT 4.0. An attacker attempting to exploit this vulnerability would have to be aware which computers on the network had Windows Media Services installed on it and send a specific request to that server. The denial of service would only affect IIS, and other services on the server would remain unaffected.
Mitigating factors:
- Windows Media Services 4.1 is not installed by default on Windows 2000, and must be downloaded to install on Windows NT 4.0.
- Windows Media Services are not available for Windows 2000 Professional or Windows NT 4.0 Workstation
- The attacker would have to know which server on the network Windows Media Services had been installed on.
Vulnerability identifier: CAN-2003-0227
This email is sent to NTBugtraq automatically as a service to my subscribers. (v1.18)
Cheers,
Russ - Surgeon General of TruSecure Corporation/NTBugtraq Editor
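The bulletin places nsiislog.dll in the IIS Scripts directory, so an administrator can see which clients have been requesting it by reviewing the IIS logs. The following is an added example, not part of the original message or of Microsoft's bulletin: a small parser for IIS W3C extended logs that lists requests whose URI stem ends in nsiislog.dll. The log lines are constructed sample data, and the function name is hypothetical.

```python
from collections import Counter

# Constructed sample in IIS W3C extended log format (not real traffic).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 5.0
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2003-05-29 10:01:02 192.0.2.10 GET /default.htm - 200
2003-05-29 10:01:05 192.0.2.77 POST /scripts/nsiislog.dll - 200
2003-05-29 10:01:06 192.0.2.77 POST /Scripts/NSIISLOG.DLL - 500
#Fields: date time cs-method cs-uri-stem c-ip sc-status
2003-05-29 10:02:00 GET /scripts/nsiislog.dll 198.51.100.4 200
2003-05-29 10:02:01 GET /scripts/other.dll 198.51.100.4 200
"""

TARGET = "nsiislog.dll"  # ISAPI extension named in the bulletin


def find_nsiislog_requests(log_text):
    """Return (hits, per_client) for requests whose URI stem ends in nsiislog.dll."""
    fields, hits = [], []
    for line in log_text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            # Column order can change mid-file; always honour the latest directive.
            fields = line[len("#Fields:"):].split()
            continue
        if not line or line.startswith("#") or not fields:
            continue
        values = line.split()
        if len(values) != len(fields):
            continue  # truncated or malformed record
        rec = dict(zip(fields, values))
        stem = rec.get("cs-uri-stem", "").lower()
        # IIS paths are case-insensitive, so compare the lower-cased file name.
        if stem.rsplit("/", 1)[-1] == TARGET:
            hits.append(rec)
    per_client = Counter(r.get("c-ip", "unknown") for r in hits)
    return hits, per_client


if __name__ == "__main__":
    hits, per_client = find_nsiislog_requests(SAMPLE_LOG)
    for r in hits:
        print(r["date"], r["time"], r.get("c-ip"), r.get("cs-method"),
              r["cs-uri-stem"], r.get("sc-status"))
    print(dict(per_client))
```

A hit only shows that a client reached the extension; the bulletin does not describe the malformed request, so the output is a starting point for deciding which servers to patch first and which clients to look at more closely.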