Important Security Flaw Affects Windows 2000 Servers

Microsoft on Wednesday put out a pair of security bulletins, including one alerting users to an important security flaw affecting Windows 2000 servers.

The flaw, rated “important” on Microsoft’s threat scale, involves a potential buffer overrun in Windows Media Services that could cause a Windows 2000 server to fail and execute an attacker’s code. The other new security bulletin deals with a threat in the Windows Media Player 9 Series that Microsoft rates as “moderate.”

The important vulnerability occurs because of the way Windows Media Services, which serves media content to clients across a network, logs client information during multicast transmissions. The logging capability is implemented as an ISAPI extension called nsiislog.dll, which has a flawed way of handling incoming requests. A specially formed HTTP request could cause Internet Information Services to fail or execute code on the user’s system.

There are several mitigating factors that prevent the flaw from being rated critical by Microsoft. For one, Windows Media Services is not installed by default. For another, an attacker would have to be aware of which computers on the network have Windows Media Services installed.
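
An administrator checking exposure can look for requests to the extension in the web server's own logs. The following is an added example, not code from the article or from Microsoft: it scans an IIS log in W3C extended format for requests whose final path segment is nsiislog.dll. The log lines, addresses and the `/example-vdir/` path are constructed, and reading a non-404 status as "the extension answered" is an assumption.

```python
from collections import defaultdict

TARGET = "nsiislog.dll"  # ISAPI extension named in the article

# Constructed sample log (not real traffic). Addresses are documentation
# ranges and /example-vdir/ is a placeholder virtual directory.
SAMPLE_LOG = """\
#Version: 1.0
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2000-01-01 10:01:02 192.0.2.10 GET /default.htm - 200
2000-01-01 10:01:07 198.51.100.7 GET /example-vdir/nsiislog.dll - 200
2000-01-01 10:01:09 198.51.100.7 POST /example-vdir/NSIISLOG.DLL - 500
2000-01-01 10:02:11 203.0.113.5 GET /media/nsiislog.dll.txt - 404
#Fields: date time c-ip cs-uri-stem sc-status
2000-01-01 11:00:00 203.0.113.5 /example-vdir/nsiislog.dll 404
"""


def find_extension_hits(lines, target=TARGET):
    """Return {client_ip: [(method, uri_stem, status), ...]} for requests to target."""
    fields, hits = [], defaultdict(list)
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            # A new #Fields directive can appear mid-file; re-read the layout.
            if line.lower().startswith("#fields:"):
                fields = line.split(":", 1)[1].split()
            continue
        values = line.split()
        if len(values) != len(fields):
            continue  # truncated or malformed record: skip, do not mis-align
        rec = dict(zip(fields, values))
        stem = rec.get("cs-uri-stem", "")
        # Compare only the last path segment, case-insensitively.
        if stem.rsplit("/", 1)[-1].lower() == target:
            hits[rec.get("c-ip", "?")].append(
                (rec.get("cs-method", "?"), stem, rec.get("sc-status", "?")))
    return dict(hits)


def answering_clients(hits):
    """Clients that got any status other than 404 (assumed: extension answered)."""
    return sorted(ip for ip, reqs in hits.items()
                  if any(status != "404" for _, _, status in reqs))


if __name__ == "__main__":
    found = find_extension_hits(SAMPLE_LOG.splitlines())
    print(found, answering_clients(found))
```

A server whose logs show only 404 responses for this file is, under that assumption, not serving the extension; any other status is a reason to check whether Windows Media Services is installed there.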

Windows XP and Windows Server 2003 are unaffected by the vulnerability. Windows Media Services is not available for Windows 2000 Professional. While Windows 2000 Server, Advanced Server and Datacenter Server ship with Windows Media Services integrated, it was available as a download add-on for Windows NT 4.0. Customers who downloaded the add-on can be open to the vulnerability under some circumstances.

Microsoft’s security bulletin is available at

The less severe security bulletin released Wednesday involved an information disclosure vulnerability in the Windows Media Player 9 Series. A flaw exists in the way an ActiveX control, which allows Web page authors to create pages that can play media, provides access to information on the user’s computer. An attacker could exploit the vulnerability by luring a user to a Web page designed to take advantage of the flaw or enticing the user to open or preview an HTML e-mail.

The attacker would be limited to viewing and manipulating data in the media library on the user’s computer. “The attacker would not be able to browse the user’s hard disk and would not have access to passwords or encrypted data,” Microsoft wrote in the bulletin. “The attacker might also be able to determine the user name of the logged-on user by examining the directory paths to media files.”

The Windows Media Player security bulletin is available at

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.

