Alert: Microsoft Security Bulletin MS04-008 - Vulnerability in Windows Media Services Could Allow a Denial of Service (832359)
From: Russ (Russ.Cooper_at_RC.ON.CA)
Date: 03/10/04
Date: Tue, 9 Mar 2004 19:19:11 -0500
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
Microsoft Security Bulletin MS04-008:
Vulnerability in Windows Media Services Could Allow a Denial of Service
(832359)
Bulletin URL:
http://www.microsoft.com/technet/security/bulletin/MS04-008.mspx
Summary:
Version Number: V1.0
Revision Date: 03-09-2004
Impact of Vulnerability: Denial of Service
Maximum Severity Rating: Moderate
Patch(es) Replaced: None
Caveats: None
CVE Number(s): CAN-2003-0905
Tested Software:
Affected Software:
* Microsoft Windows 2000 Server Service Pack 2, Microsoft Windows 2000
Server Service Pack 3, Microsoft Windows 2000 Server Service Pack 4 -
<http://www.ntbugtraq.com/link/7F4C067C-5D34-48FB-A9FA-C2200243D4D2.asp>
Affected Components:
* Windows Media Services 4.1 (included with Microsoft Windows 2000
Server)
Software Not Affected:
* Microsoft Windows NT(r) Workstation 4.0 Service Pack 6a
* Microsoft Windows NT Server 4.0 Service Pack 6a
* Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack
6
* Microsoft Windows 2000 Professional Service Pack 2, Microsoft Windows
2000 Professional Service Pack 3, Microsoft Windows 2000 Professional
Service Pack 4
* Microsoft Windows XP, Microsoft Windows XP Service Pack 1
* Microsoft Windows XP 64-Bit Edition Service Pack 1
* Microsoft Windows XP 64-Bit Edition Version 2003
* Microsoft Windows Server(tm) 2003
* Microsoft Windows Server 2003 64-Bit Edition
Technical Description:
A vulnerability exists because of the way that Windows Media Station
Service and Windows Media Monitor Service, components of Windows Media
Services, handle TCP/IP connections. If a remote user were to send a
specially-crafted sequence of TCP/IP packets to the listening port of
either of these services, the service could stop responding to requests
and no additional connections could be made. The service must be
restarted to regain its functionality.
Windows Media Services is made up of Windows Media Services
Administrator and four Windows Media Services components running on a
single computer:
By using Windows Media Unicast Service, Windows Media content can be
streamed over unicast, using either TCP or UDP as a transport, to
Microsoft Windows Media Player or to another Windows Media server.
Windows Media Station Service performs three key functions:
* It arranges one or more streams of content (also known as a "playlist"
or "program") for subsequent streaming.
* It multicasts the playlist or program to Windows Media Player or to
another Windows Media server.
* It distributes the playlist or program locally to Windows Media Unicast
Service for subsequent unicasting to Windows Media Player or to another
Windows Media server.
Windows Media Program Service is a dependent service of Windows Media
Station Service. Windows Media Program Service helps the server
administrator build playlists of Windows Media content using Windows
Media Services Administrator and persist those playlists for future use.
Windows Media Monitor Service is the administrative console of Windows
Media Services.
Note: Windows Media Unicast Service may also be affected by a
successful attack against Windows Media Station Service if Windows Media
Unicast Service is sourcing a playlist from Windows Media Station
Service. In this case, Windows Media Unicast Service could stop
functioning when it encounters the next item in the playlist. An
administrator can stream media by using Windows Media Unicast Service
without a playlist.
This email is sent to NTBugtraq automagically as a service to my
subscribers. (v3)
Cheers,
Russ - Surgeon General of TruSecure Corporation/NTBugtraq Editor