Important Security Flaw Affects Windows 2000 Servers

Microsoft on Wednesday put out a pair of security bulletins, including one alerting users to an important security flaw affecting Windows 2000 servers.

The flaw, rated “important” on Microsoft’s threat scale, involves a potential buffer overrun in Windows Media Services that could cause a Windows 2000 server to fail and execute an attacker’s code. The other new security bulletin deals with a threat in the Windows Media Player 9 Series that Microsoft rates as “moderate.”

The important vulnerability occurs because of the way Windows Media Services, which serves media content to clients across a network, logs client information during multicast transmissions. The logging capability is implemented as an ISAPI extension called nsiislog.dll, which has a flawed way of handling incoming requests. A specially formed HTTP request could cause Internet Information Services to fail or execute code on the user’s system.

There are several mitigating factors that prevent the flaw from being rated critical by Microsoft. For one, Windows Media Services is not installed by default. For another, an attacker would have to be aware of which computers on the network have Windows Media Services installed.

Windows XP and Windows Server 2003 are unaffected by the vulnerability. Windows Media Services is not available for Windows 2000 Professional. While Windows 2000 Server, Advanced Server and Datacenter Server ship with Windows Media Services integrated, it was available as a download add-on for Windows NT 4.0. Customers who downloaded the add-on can be open to the vulnerability under some circumstances.

Microsoft’s security bulletin is available at

The less severe security bulletin released Wednesday involved an information disclosure vulnerability in the Windows Media Player 9 Series. A flaw exists in the way an ActiveX control, which allows Web page authors to create pages that can play media, provides access to information on the user’s computer. An attacker could exploit the vulnerability by luring a user to a Web page designed to take advantage of the flaw or enticing the user to open or preview an HTML e-mail.

The attacker would be limited to viewing and manipulating data in the media library on the user’s computer. “The attacker would not be able to browse the user’s hard disk and would not have access to passwords or encrypted data,” Microsoft wrote in the bulletin. “The attacker might also be able to determine the user name of the logged-on user by examining the directory paths to media files.”

The Windows Media Player security bulletin is available at

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.

