MS04-008: Vulnerability in Windows Media Services


Microsoft Security Bulletin MS04-008

Vulnerability in Windows Media Services Could Allow a Denial of Service (832359)

Issued: March 9, 2004

Version: 1.0

Summary

Who Should Read This Document:

Customers who are using Microsoft® Windows® 2000

Impact of Vulnerability:

Denial of Service

Maximum Severity Rating:

Moderate

Recommendation:

Systems administrators should consider applying the security update to systems that are running Windows 2000 Server and that have Windows Media Services 4.1 installed.

Security Update Replacement:

None

Caveats:

None

Tested Software and Security Update Download Locations:

Affected Software

• Microsoft Windows 2000 Server Service Pack 2, Microsoft Windows 2000 Server Service Pack 3, Microsoft Windows 2000 Server Service Pack 4 - Download the update

Non Affected Software

• Microsoft Windows NT® Workstation 4.0 Service Pack 6a

• Microsoft Windows NT Server 4.0 Service Pack 6a

• Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6

• Microsoft Windows 2000 Professional Service Pack 2, Microsoft Windows 2000 Professional Service Pack 3, Microsoft Windows 2000 Professional Service Pack 4

• Microsoft Windows XP, Microsoft Windows XP Service Pack 1

• Microsoft Windows XP 64-Bit Edition Service Pack 1

• Microsoft Windows XP 64-Bit Edition Version 2003

• Microsoft Windows Server™ 2003

• Microsoft Windows Server 2003 64-Bit Edition

Tested Microsoft Windows Components:

Affected Components:

• Windows Media Services 4.1 (included with Microsoft Windows 2000 Server)

Non Affected Components:

• Windows Media Services 9.0 Series (included with Microsoft Windows Server 2003)

• Windows Media Services 4.1 (available for download for Windows NT4 Server)

The software listed above has been tested to determine if the versions are affected. Other versions either no longer include security patch support or may not be affected. Please review the Microsoft Support Lifecycle Web site to determine the support lifecycle for your product and version.

Technical description:

A vulnerability exists because of the way that Windows Media Station Service and Windows Media Monitor Service, components of Windows Media Services, handle TCP/IP connections. If a remote user were to send a specially-crafted sequence of TCP/IP packets to the listening port of either of these services, the service could stop responding to requests and no additional connections could be made. The service must be restarted to regain its functionality.

Windows Media Services is made up of Windows Media Services Administrator and four Windows Media Services components running on a single computer:

By using Windows Media Unicast Service, Windows Media content can be streamed over unicast, using either TCP or UDP as a transport, to Microsoft Windows Media Player or to another Windows Media server.

Windows Media Station Service performs three key functions:

• It arranges one or more streams of content (also known as a "playlist" or "program") for subsequent streaming.

• It multicasts the playlist or program to Windows Media Player or to another Windows Media server.

• It distributes the playlist or program locally to Windows Media Unicast Service for subsequent unicasting to Windows Media Player or to another Windows Media server.

Windows Media Program Service is a dependent service of Windows Media Station Service. Windows Media Program Service helps the server administrator build playlists of Windows Media content using Windows Media Services Administrator and persist those playlists for future use.

Windows Media Monitor Service is the administrative console of Windows Media Services.

Note: Windows Media Unicast Service may also be affected by a successful attack against Windows Media Station Service if Windows Media Unicast Service is sourcing a playlist from Windows Media Station Service. In this case, Windows Media Unicast Service could stop functioning when it encounters the next item in the playlist. An administrator can stream media by using Windows Media Unicast Service without a playlist.

Mitigating factors:

• The Windows Media Services component is not installed by default.

• Windows Media Services can be configured to offer streaming media over unicast only and would then not be affected by this vulnerability. This configuration would mean that different media streams from the same server could not be added into a playlist.

• Microsoft recommends that customers enable Windows Media Unicast Service only on Internet-facing sockets and ports and not the other components of Windows Media Services. If this practice is followed, the attack surface would not be exposed to the Internet.

• Customers who administer their Windows Media Services servers directly from the console or through a Terminal Services session are not affected by any successful Denial of Service attempts against Windows Media Monitor Service. Windows Media Monitor Service would not be accessible remotely, only locally.

• If you have disabled Windows Media Station Service and Windows Media Monitor Service, you are not affected by this vulnerability.

Severity Rating:

Microsoft Windows 2000 Server

Moderate

The above assessment is based on the types of systems that are affected by the vulnerability, their typical deployment patterns, and the effect that exploiting the vulnerability would have on them.

Vulnerability identifier: CAN-2003-0905

http://www.microsoft.com/technet/security/...n/ms04-008.mspx
