Important Security Flaw Affects Windows 2000 Servers

Microsoft on Wednesday put out a pair of security bulletins, including one alerting users to an important security flaw affecting Windows 2000 servers.

The flaw, rated “important” on Microsoft’s threat scale, involves a potential buffer overrun in Windows Media Services that could cause a Windows 2000 server to fail or to execute an attacker’s code. The other new security bulletin deals with a threat rated by Microsoft as “moderate” in its Windows Media Player 9 Series.

The important vulnerability occurs because of the way Windows Media Services, which serves media content to clients across a network, logs client information during multicast transmissions. The logging capability is implemented as an ISAPI extension called nsiislog.dll, which has a flawed way of handling incoming requests. A specially formed HTTP request could cause Internet Information Services to fail or execute code on the user’s system.

There are several mitigating factors that prevent the flaw from being rated critical by Microsoft. For one, Windows Media Services is not installed by default. For another, an attacker would have to be aware of which computers on the network have Windows Media Services installed.

Windows XP and Windows Server 2003 are unaffected by the vulnerability. Windows Media Services is not available for Windows 2000 Professional. While Windows 2000 Server, Advanced Server and Datacenter Server ship with Windows Media Services integrated, it was available as a download add-on for Windows NT 4.0. Customers who downloaded the add-on can be open to the vulnerability under some circumstances.

Microsoft’s security bulletin is available at

The less severe security bulletin released Wednesday involved an information disclosure vulnerability in the Windows Media Player 9 Series. A flaw exists in the way an ActiveX control, which allows Web page authors to create pages that can play media, provides access to information on the user’s computer. An attacker could exploit the vulnerability by luring a user to a Web page designed to take advantage of the flaw or enticing the user to open or preview an HTML e-mail.

The attacker would be limited to viewing and manipulating data in the media library on the user’s computer. “The attacker would not be able to browse the user’s hard disk and would not have access to passwords or encrypted data,” Microsoft wrote in the bulletin. “The attacker might also be able to determine the user name of the logged-on user by examining the directory paths to media files.”

The Windows Media Player security bulletin is available at

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.

