Bugtraq mailing list archives

Summary of Microsoft Security Bulletin MS00-097


From: Ben Greenbaum <bgreenbaum () SECURITYFOCUS COM>
Date: Tue, 19 Dec 2000 18:55:36 -0800

Summary of Microsoft Security Bulletin MS00-097

Vulnerable Platforms:
Microsoft Windows Media Services 4.1
Microsoft Windows Media Services 4.0
(Shipped with NT 4.0 and 2000)

Details:

Microsoft Windows Media Services are the server-side component of Windows
Media Technologies, which provides streaming video and audio content
capabilities. It is divided into two types of services, Unicast and Multicast.
Windows Media Unicast Services supplies media content to one client at a
time, as opposed to Multicast, which serves multiple clients simultaneously.
Only Windows Media Unicast Services are affected by the vulnerability at
hand.

In the event that a client establishes a connection and then severs it
abruptly in a particular fashion, Windows Media Services will not release
the resources it has allocated to that particular client. If Windows Media
Services were to receive these connections repeatedly, resources would
become depleted and reach such a level that Windows Media Services would
not be able to properly service clients. Restarting the service would be
required in order to regain normal functionality and any client being
serviced at the time would have to re-establish their connection.

Solution:
Microsoft has released the following patch which eliminates this
vulnerability:
Microsoft patch WMSU35924
http://download.microsoft.com/download/winmediatech40/Update/35924/NT45/EN-US/WMSU35924.EXE
The same patch applies for both versions of Media Services.

Credit:
Discovered by NTT Communications and publicized in a
Microsoft Security Bulletin (MS00-097) on December 15,
2000.

Reference:
web page:
Frequently Asked Questions: Microsoft Security Bulletin (MS00-097)
http://www.microsoft.com/technet/security/bulletin/fq00-097.asp

Microsoft Knowledge Base article Q281256 will address this issue when it
is completed.

Ben Greenbaum
Director of Site Content
SecurityFocus
http://www.securityfocus.com

