Bugtraq mailing list archives
Summary of Microsoft Security Bulletin MS00-097
From: Ben Greenbaum <bgreenbaum () SECURITYFOCUS COM>
Date: Tue, 19 Dec 2000 18:55:36 -0800
Summary of Microsoft Security Bulletin MS00-097 Vulnerable Platforms: Microsoft Windows Media Services 4.1 Microsoft Windows Media Services 4.0 (Shipped with NT 4.0 and 2000) Details: Microsoft Windows Media Services are the server-side component of Windows Media Technologies which provides streaming video and audio content capabilities. It is divided into types of services, Unicast and Multicast. Windows Media Unicast Services supplies media content to one client at a time as opposed to Multicast which serves multiple clients simultaneously. Windows Media Unicast Services are only affected by the vulnerability at hand. In the event that a client establishes a connection and then severs it abruptly in a particular fashion, Windows Media Services will not release the resources it has allocated to that particular client. If Windows Media Services were to receive these connections repeatedly, resources would become depleted and reach such a level that Windows Media Services would not be able to properly service clients. Restarting the service would be required in order to regain normal functionality and any client being serviced at the time would have to re-establish their connection. Solution: Microsoft has released the following patch which eliminates this vulnerability: Microsoft patch WMSU35924 http://download.microsoft.com/download/winmediatech40/Update/35924/NT45/EN-US/WMSU35924.EXE The same patch applies for both versions of Media Services. Credit: Discovered by NTT Communications and publicized in a Microsoft Security Bulletin (MS00-097) on December 15, 2000. Reference: web page: Frequently Asked Questions: Microsoft Security Bulletin (MS00-097) http://www.microsoft.com/technet/security/bulletin/fq00-097.asp Microsoft Knowledge Base article Q281256 will address this issue when it is completed. Ben Greenbaum Director of Site Content SecurityFocus http://www.securityfocus.com
Current thread:
- Summary of Microsoft Security Bulletin MS00-097 Ben Greenbaum (Dec 20)