Microsoft Security Bulletin (MS00-097)
   
   Patch Available for Severed Windows Media Server Connection
   Vulnerability
   
   Originally posted: December 15, 2000
   
Summary

   Microsoft has released a patch that eliminates a security
   vulnerability in Microsoft® Windows Media Services. The vulnerability
   could allow a malicious user to degrade the performance of a Windows
   Media server, possibly to the point where it could no longer provide
   useful service.
   
   Frequently asked questions regarding this vulnerability and the patch
   can be found at
   http://www.microsoft.com/technet/security/bulletin/fq00-097.asp
   
Issue

   When a connection to a Windows Media server is made, then severed,
   using a particular sequence of TCP/IP packets, the Windows Media
   Unicast Service does not release all of the resources allocated to the
   connection. By repeatedly making and then severing connections in this
   manner, a malicious user could exhaust the resources on a server,
   thereby preventing it from providing streaming media services.
   
   If an affected server were attacked via this vulnerability, the server
   operator could restore normal operation by restarting the Windows
   Media Service. Any sessions that were in progress would be lost, but
   users could immediately reconnect and resume normal use.
   
Affected Software Versions

     * Microsoft Windows Media Services 4.0
     * Microsoft Windows Media Services 4.1
       
Patch Availability

     * http://www.microsoft.com/Downloads/Release.asp?ReleaseID=26470
       
   Note: Windows Media Services 4.1 ships as part of Windows 2000, and
   the patch for Windows Media Services 4.1 can be applied atop Windows
   2000 Gold or SP1. The fix will be incorporated into Windows 2000 SP3.
   
   Note: Windows Media Services 4.0 does not ship as part of any other
   product. The patch for Windows Media Services 4.0 can be applied to
   any machine already running the product, and will not be included in
   any other product's future service packs.
   
   Note Additional security patches are available at the Microsoft
   Download Center 
   
More Information

   Please see the following references for more information related to
   this issue.
     * Frequently Asked Questions: Microsoft Security Bulletin MS00-097,
       http://www.microsoft.com/technet/security/bulletin/fq00-097.asp
     * Microsoft Knowledge Base article Q281256 discusses this issue and
       will be available soon.
     * Microsoft TechNet Security web site,
       http://www.microsoft.com/technet/security/default.asp
       
Obtaining Support on this Issue

   This is a fully supported patch. Information on contacting Microsoft
   Product Support Services is available at
   http://support.microsoft.com/support/contact/default.asp.
   
Acknowledgments

   Microsoft thanks  NTT Communications (http://www.ntt.com) for
   reporting this issue to us and working with us to protect customers.
   
Revisions

     * December 15, 2000: Bulletin Created.
       
   THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED
   "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL
   WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF
   MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT
   SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES
   WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS
   OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION
   OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
   SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR
   CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY
   NOT APPLY.
   
     Last updated December 15, 2000
     © 2000 Microsoft Corporation. All rights reserved. Terms of use.