Alert: Microsoft Security Bulletin MS04-008 - Vulnerability in Windows Media Services Could Allow a Denial of Service (832359)
From: Russ (Russ.Cooper_at_RC.ON.CA)
Date: Tue, 9 Mar 2004 19:19:11 -0500 To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
Microsoft Security Bulletin MS04-008:
Vulnerability in Windows Media Services Could Allow a Denial of Service
Version Number: V1.0
Revision Date: 03-09-2004
Impact of Vulnerability: Denial of Service
Maximum Severity Rating: Moderate
Patch(es) Replaced: None
CVE Number(s): CAN-2003-0905
* Microsoft Windows 2000 Server Service Pack 2, Microsoft Windows 2000
Server Service Pack 3, Microsoft Windows 2000 Server Service Pack 4 -
* Windows Media Services 4.1 (included with Microsoft Windows 2000
Software Not Affected:
* Microsoft Windows NT(r) Workstation 4.0 Service Pack 6a
* Microsoft Windows NT Server 4.0 Service Pack 6a
* Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack
* Microsoft Windows 2000 Professional Service Pack 2, Microsoft Windows
2000 Professional Service Pack 3, Microsoft 2000 Professional Service
* Microsoft Windows XP, Microsoft Windows XP Service Pack 1
* Microsoft Windows XP 64-Bit Edition Service Pack 1
* Microsoft Windows XP 64-Bit Edition Version 2003
* Microsoft Windows Server(tm) 2003
* Microsoft Windows Server 2003 64-Bit Edition
A vulnerability exists because of the way that Windows Media Station
Service and Windows Media Monitor Service, components of Windows Media
Services, handle TCP/IP connections. If a remote user were to send a
specially-crafted sequence of TCP/IP packets to the listening port of
either of these services, the service could stop responding to requests
and no additional connections could be made. The service must be
restarted to regain its functionality.
Windows Media Services is made up of Windows Media Services
Administrator and four Windows Media Services components running on a
By using Windows Media Unicast Service, Windows Media content can be
streamed over unicast, using either TCP or UDP as a transport, to
Microsoft Windows Media Player or to another Windows Media server.
Windows Media Station Service performs three key functions:
*It arranges one or more streams of content (also known as a "playlist"
or "program") for subsequent streaming.
*It multicasts the playlist or program to Windows Media Player or to
another Windows Media server.
*It distributes the playlist or program locally to Windows Media Unicast
Service for subsequent unicasting to Windows Media Player or to another
Windows Media server.
Windows Media Program Service is a dependent service of Windows Media
Station Service. Windows Media Program Service helps the server
administrator build playlists of Windows Media content using Windows
Media Services Administrator and persist those playlists for future use.
Windows Media Monitor Service is the administrative console of Windows
Note Windows Media Unicast Service may also be affected by a
successful attack against Windows Media Station Service if Windows Media
Unicast Service is sourcing a playlist from Windows Media Station
Service. In this case, Windows Media Unicast Service could stop
functioning when it encounters the next item in the playlist. An
administrator can stream media by using Windows Media Unicast Service
without a playlist.
This email is sent to NTBugtraq automagically as a service to my
Russ - Surgeon General of TruSecure Corporation/NTBugtraq Editor
NTBugtraq Editor's Note:
Want to reply to the person who sent this message? This list is configured such that just hitting reply is going to result in the message coming to the list, not to the individual who sent the message. This was done to help reduce the number of Out of Office messages posters received. So if you want to send a reply just to the poster, you''ll have to copy their email address out of the message and place it in your TO: field.