New Media New Danger - Microsoft identifies more security flaws
By Alun Williams
Posted on 26 Jun 2003 at 12:13
Microsoft has identified a new security flaw regarding its Windows Media Player 9, and is urging users to patch.
This is a good example of additional functionality leaving gaps for exploitation. When a user visits a Web page with embedded media, a Windows Media Player 9 ActiveX control handles the interface, allowing the user to perform actions such as pausing or rewinding the video or audio. However, a flaw exists in the way the control provides access to information on the user's computer. It seems an attacker - by hosting a malicious website - is able to view and manipulate metadata in the media library on the user's computer.
The issue only has a severity rating of 'Moderate' because an attacker would not be able to execute code on your system or delete files on the hard disk.
More details can be found in Microsoft Security Bulletin MS03-021.
Another security bulletin - Microsoft Security Bulletin MS03-022 - has also been issued, concerning Windows Media Services.
The flaw lies in the ISAPI Extension for Windows Media Services, and relates to Microsoft Windows 2000 Server, Advanced Server, and Datacenter Server.
Specifically, there is a problem in the way nsiislog.dll processes incoming client requests. Specially written HTTP requests sent to a server could cause IIS (Internet Information Server) to fail or execute code on the user's system.
It only has a severity rating of 'Important' because Windows Media Services is not installed by default on Windows 2000. An attacker would have to be aware which computers on the network had Windows Media Services installed and send a specific request to that server.
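For administrators who want to see whether a server has been receiving requests for this extension, the following added example (not from the article or from Microsoft) scans IIS W3C extended log text for requests whose URI stem ends in nsiislog.dll and counts them per client address. The log lines, the addresses, the /scripts/ path and the function names are constructed for illustration.

```python
"""Added example: flag requests for nsiislog.dll in IIS W3C extended logs."""
from collections import Counter

TARGET = "nsiislog.dll"  # the ISAPI extension named in MS03-022

# Constructed sample log (not real traffic); addresses are documentation ranges.
# The second #Fields line models a logging-configuration change mid-file.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 5.0
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2003-06-26 10:01:02 192.0.2.10 GET /default.htm - 200
2003-06-26 10:01:09 198.51.100.7 POST /scripts/nsiislog.dll - 500
2003-06-26 10:01:15 198.51.100.7 GET /Scripts/NSIISLOG.DLL - 200
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2003-06-26 10:02:00 203.0.113.5 POST /scripts/nsiislog.dll 200
2003-06-26 10:02:04 192.0.2.10 GET /media/nsiislog.dll.txt 404
"""


def find_hits(lines):
    """Return one dict per log entry whose URI stem's file name is TARGET."""
    fields, hits = [], []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            # Column layout comes from the most recent #Fields directive.
            if line.startswith("#Fields:"):
                fields = line[len("#Fields:"):].split()
            continue
        values = line.split()
        if len(values) != len(fields):
            continue  # malformed or truncated entry; skip rather than guess
        row = dict(zip(fields, values))
        # IIS paths are case-insensitive, so compare the lowercased file name.
        name = row.get("cs-uri-stem", "").lower().rsplit("/", 1)[-1]
        if name == TARGET:
            hits.append(row)
    return hits


def summarize(hits):
    """Count matching requests per client IP."""
    return Counter(h.get("c-ip", "?") for h in hits)


if __name__ == "__main__":
    for ip, n in summarize(find_hits(SAMPLE_LOG.splitlines())).items():
        print(ip, n)
```

On a server where Windows Media Services was never installed, any hit is worth a look, since nothing legitimate should be asking for that file.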
