Windows Media Server Denial of Service

Reported February 24, 2000 by Kit Knox

VERSIONS AFFECTED

Windows Media Services 4.0 and 4.1

DESCRIPTION

According to Microsoft's report, "The handshake sequence between a Windows Media server and a Windows Media Player is asynchronous, because certain resource requests are dependent on the successful completion of previous ones. If the client-side handshake packets are sent in a particular misordered sequence, with certain timing constraints, the server will attempt to use a resource before it has been initialized and will fail catastrophically, causing the Windows Media Unicast Service to crash."
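The class of defect described above, using a resource before the asynchronous request that creates it has completed, is normally closed off with an explicit per-session state machine. The C code below is an added example, not code from Microsoft or from the original advisory; the event names, states and buffer are hypothetical and do not reflect the real Windows Media protocol.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical events and states; not the real Windows Media protocol. */
enum event { EV_OPEN_REQ, EV_OPEN_DONE, EV_START_STREAM, EV_CLOSE };
enum state { ST_NEW, ST_OPEN_PENDING, ST_READY, ST_STREAMING, ST_CLOSED };

/* buf is allocated only when the asynchronous open completes. */
struct session { enum state st; char *buf; size_t len; };
void session_init(struct session *s) { s->st = ST_NEW; s->buf = NULL; s->len = 0; }

/* Release the resource and end this session; rc is passed through. */
static int teardown(struct session *s, int rc)
{
    free(s->buf);
    s->buf = NULL; s->len = 0; s->st = ST_CLOSED;
    return rc;
}

/* Returns 0 if the event was accepted, -1 if it arrived out of order. */
int session_handle(struct session *s, enum event ev)
{
    switch (ev) {
    case EV_OPEN_REQ:                 /* client asks for the resource */
        if (s->st != ST_NEW) break;
        s->st = ST_OPEN_PENDING;
        return 0;
    case EV_OPEN_DONE:                /* server-side completion of the open */
        if (s->st != ST_OPEN_PENDING) break;
        if ((s->buf = calloc(1, 4096)) == NULL) break;
        s->len = 4096; s->st = ST_READY;
        return 0;
    case EV_START_STREAM:             /* touches buf: legal only in ST_READY */
        if (s->st != ST_READY) break; /* guard against use before init */
        memset(s->buf, 0xAA, s->len);
        s->st = ST_STREAMING;
        return 0;
    case EV_CLOSE:
        return teardown(s, 0);
    }
    return teardown(s, -1);           /* misordered: drop this session only */
}

int main(void)
{
    struct session s;
    session_init(&s);
    session_handle(&s, EV_OPEN_REQ);
    return session_handle(&s, EV_START_STREAM) == -1 ? 0 : 1; /* early start rejected */
}
```

A misordered event ends only the offending session, so one client's bad handshake cannot take the whole service down.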

VENDOR RESPONSE

Microsoft has issued a patch for NT 4.0 and Win2K Server, as well as a FAQ regarding this matter.

NOTE: Windows NT Server 4.0 customers should upgrade their Windows Media Services installation to Windows Media Services 4.1 before applying the patch. Windows Media Services 4.1 can be downloaded for free from the following URL:

http://www.microsoft.com/windows/windowsmedia/

Windows 2000 Server includes Windows Media Services 4.1, so the patch can be applied directly to this configuration.

CREDITS

Discovered by Kit Knox