RealTime IT News

Windows Media Services Flaw Fixed

Microsoft on Wednesday warned of a security flaw in the ISAPI extension for Windows Media Services that could lead to code execution on Windows 2000 systems.

In an advisory, Microsoft tagged an "important" rating to the vulnerability and urged systems admins to install a patch at the earliest opportunity.

The company said the flaw was detected in the logging capability of Windows Media Services, which is used for the delivery of media content to clients across a network (multicast streaming).

"In multicast streaming, the server has no connection to or knowledge of the clients that may be receiving the stream of media content coming from the server," the company said, explaining that Windows 2000 includes a capability specifically designed to enable logging for multicast transmissions.

"There is a flaw in the way (the logging capability) processes incoming client requests. A vulnerability exists because an attacker could send specially formed HTTP request to the server that could cause IIS to fail or execute code on the user's system," Microsoft cautioned.

Although Windows Media Services is available for Windows Server 2003, Windows XP and NT 4.0, the flaw does not affect those software versions.