Security Home > BackOffice Software > Windows Media Services

Flaw in ISAPI Extension for Windows Media Services New

There is a security vulnerability in a Windows Media Services ISAPI extension that could allow an attacker to execute code of their choice on affected Windows NT 4.0 and Windows 2000 systems.

Issue

Microsoft Windows Media Services is a feature of Microsoft Windows 2000 Server, Advanced Server, and Datacenter Server and is also available as a downloadable version for Windows NT 4.0 Server. Windows Media Services contain support for a method of delivering media content to clients across a network known as multicast streaming. In multicast streaming however, the server has no connection or knowledge of the clients that may be receiving the stream coming from the server. To facilitate logging of client information for the server Windows 2000 includes a capability specifically designed for that purpose. To help with this problem, Windows 2000 includes logging capabilities for multicast and unicast transmissions.

This capability is implemented as an Internet Services Application Programming Interface (ISAPI) extension – nsiislog.dll. When Windows Media Services are installed in Windows NT 4.0 Server or added through add/remove programs to Windows 2000, nsiislog.dll is installed to the Internet Information Services (IIS) Scripts directory on the server.

There is a flaw in the way in which nsiislog.dll processes incoming requests. A vulnerability exists because an attacker could send specially formed communications to the server that could cause IIS to fail or execute code on the user's system.

Windows Media Services is not installed by default on Windows 2000, and must be downloaded to install on Windows NT 4.0. An attacker attempting to exploit this vulnerability would have to be aware which computers on the network had Windows Media Services installed on it and send a specific request to that server.

Affected Products

  • Microsoft Windows NT 4.0
  • Microsoft Windows 2000

Download

Software patches are available from the following locations:

Further Details

Source: Microsoft Corporation

Reference: Microsoft Corporation

Updated: May 30, 2003

>> Recommended Download - secure your PC from spyware, adware and malware now with Spyware Doctor <<

More Guides » Registry Guide Support Forums Software Guide Scripting Guide Search