COMMAND

    Microsoft Windows Media Services

SYSTEMS AFFECTED

    Microsoft Windows Media Services 4.0, 4.1

PROBLEM

    Following is  based on  a Summary  of Microsoft  Security Bulletin
    MS00-097.   Microsoft Windows  Media Services  are the server-side
    component of Windows  Media Technologies which  provides streaming
    video and audio content capabilities.  It is divided into types of
    services, Unicast and Multicast.   Windows Media Unicast  Services
    supplies  media  content  to  one  client  at a time as opposed to
    Multicast which serves  multiple clients simultaneously.   Windows
    Media Unicast Services are  only affected by the  vulnerability at
    hand.

    In  the  event  that  a  client  establishes a connection and then
    severs it abruptly in a particular fashion, Windows Media Services
    will not release the resources it has allocated to that particular
    client.   If  Windows  Media   Services  were  to  receive   these
    connections repeatedly, resources would become depleted and  reach
    such a  level that  Windows Media  Services would  not be  able to
    properly  service  clients.   Restarting  the  service  would   be
    required in order  to regain normal  functionality and any  client
    being  serviced  at  the  time  would  have  to re-establish their
    connection.

    This has been discovered by NTT Communications and publicized in a
    Microsoft Security Bulletin (MS00-097) on December 15th 2000.

SOLUTION

    Microsoft has released the  following patch which eliminates  this
    vulnerability:

        http://download.microsoft.com/download/winmediatech40/Update/35924/NT45/EN-US/WMSU35924.EXE