Microsoft Windows Media Services fails to properly validate TCP requests which could allow a remote, unauthenticated attacker to cause the services to refuse new TCP connections.
Microsoft Windows Media Services is an optional component that provides the ability to deliver streaming content to Windows Media clients. It is comprised of the Windows Media Unicast Service, Windows Media Station Service, Windows Media Program Service, and Windows Media Monitor Service. There is a vulnerability in the way TCP/IP connections are handled by both the Windows Media Station Service and Windows Media Monitor Service. By sending a specially crafted sequence of TCP/IP packets to either of these services, a remote, unauthenticated attacker could cause the service to stop responding or refuse additional TCP connections.
A remote, unauthenticated attacker could cause the Windows Media Station Service or Windows Media Monitor Service to stop responding or refuse new TCP connections. In order to restore functionality, the service needs to be restarted.
Microsoft has provided a patch to address this vulnerability. For details on obtaining the patch, please refer to Microsoft Security Bulletin MS04-008.
Impact of Workaround: If you block port 7007, you will prevent multicast streams and the enabling of playlists from functioning across the firewall. If you block port 7778, you will prevent administrative functions from functioning across the firewall.
Impact of Workaround: None.
Impact of Workaround: Stopping, disabling, or removing Windows Media Station Service will cause multicast streams or the enabling of playlists to not function.
Impact of Workaround: Disabling or removing Windows Media Monitor Service will prevent the possibility of administering Windows Media Services.
Microsoft credits Qualys for reporting this vulnerability.
This document was written by Damon Morda.
|Date First Published:||2004-03-10|
|Date Last Updated:||2004-03-11 13:39 UTC|