General 8066 Published by

Patch Available for Malformed Windows Media Encoder Request Vulnerability

Originally posted: May 30, 2000
Updated: June 20, 2000

Microsoft Security Bulletin MS00-038 announces the availability of a patch that eliminates a vulnerability in a component of Microsoft:registered: Windows:registered: Media Technologies. The vulnerability could allow a malicious user to interfere with broadcasts of digital audio and video.

What's the scope of the vulnerability?

This is a denial of service vulnerability. A malicious user could use it to prevent a streaming media provider from preparing digital content such as audio and video for transmission. The vulnerability would not prevent a streaming media provider from serving previously-prepared content, but it could prevent it from preparing new content. This could be particularly important to providers who broadcast audio or video in real time.
The affected service could be put back into service by restarting it; it would not be necessary to restart the server. Also, locating the server could require that the malicious user already have an unusual degree of access to the network.

Read more