Windows Media Service Handshake Vulnerability

A security vulnerability exists in Microsoft® Windows Media Services that could allow denial of service attacks against a streaming media server.

Issue

The problem occurs when a client sends a rogue packet to the Windows Media Unicast Server or when the server is programmatically attacked.

The handshake sequence between a Windows Media server and a Windows Media Player is asynchronous, because certain resource requests are dependent on the successful completion of previous ones. If the client-side handshake packets are sent in a particular misordered sequence, with certain timing constraints, the server attempts to use a resource before it has been initialized, and then fails catastrophically, causing the Windows Media Unicast Service to stop responding.

You can put the Windows Media Unicast Service back into normal operating condition by restarting the service, but any sessions that were in effect at the time of the failure need to be restarted.

Affected Products

• Microsoft Windows Media Services 4.0 and 4.1

Solution

Users running NetShow 2.0 or later, or Media Services 4.0 should first upgrade their Windows Media Services installation to Windows Media Services 4.1 before applying the patch. Windows Media Services 4.1 can be downloaded for free from http://www.microsoft.com/windows/windowsmedia/

• Windows NT Server 4.0:
  http://download.microsoft.com/download/winmediatech40/
  Update/4954/NT4/EN-US/WMSU4954_NT4.EXE
• Windows 2000 Server:
  http://download.microsoft.com/download/winmediatech40/
  Update/4954/NT5/EN-US/WMSU4954_Win2000.EXE

Further Details

Source: Microsoft Corporation

Reference: Microsoft Corporation

Updated: February 23, 2000

>> Recommended Download - secure your PC from spyware, adware and malware now with Spyware Doctor <<