Select the product you need help with
- Internet Explorer
- Windows Phone
- More products
MS03-022: Vulnerability in ISAPI extension for Windows Media Services may cause code execution
Article ID: 822343 - View products that this article applies to.
Microsoft Windows Media Services is a feature of Microsoft Windows 2000 Server, Microsoft Windows 2000 Advanced Server, and Microsoft Windows 2000 Datacenter Server, and Windows Media Services is also available in a downloadable version for Microsoft Windows NT 4.0 Server. Windows Media Services contains support for a method of delivering media content to clients across a network that is known as multicast streaming. In multicast streaming, the server has no connection to or knowledge of the clients that may be receiving the stream of media content that is coming from the server.
To make logging of client information for the server easier, Windows 2000 includes a capability that is specifically designed to enable logging for multicast transmissions. This logging capability is implemented as an Internet Services Application Programming Interface (ISAPI) extension named Nsiislog.dll. When Windows Media Services are added to Windows 2000 through the Add/Remove Programs utility, Nsiislog.dll is installed in the Internet Information Services (IIS) Scripts folder on the server. After Windows Media Services is installed, Nsiislog.dll is automatically loaded and used by IIS.
A flaw exists in the way Nsiislog.dll processes incoming client requests. A vulnerability exists because an attacker can send specially formed HTTP requests (that is, communications) to the server, and these HTTP requests can cause IIS to fail or to execute code on the user's system.
By default, Windows Media Services is not installed on Windows 2000. An attacker who tries to exploit this vulnerability must know the computers on the network that have Windows Media Services installed and must send a specific request to that server.
Windows Media Services are not available for Windows 2000 Professional.
Security update information
Download informationThe following file is available for download from the Microsoft Download Center:
Release Date: June 25, 2003
Download the 822343 package now.
Collapse this imageExpand this image
For more information about how to download Microsoft support files, click the following article number to view the article in the Microsoft Knowledge Base:
119591Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help prevent any unauthorized changes to the file.
(http://support.microsoft.com/kb/119591/ )How to obtain Microsoft support files from online services
PrerequisitesThis security update requires Windows 2000 Service Pack 2 (SP2), Windows 2000 Service Pack 3 (SP3), or Windows 2000 Service Pack 4 (SP4). For more information about Windows 2000 service packs, click the following article number to view the article in the Microsoft Knowledge Base:
260910Note Microsoft Windows Media Services 4.1 is included with Windows 2000 Server Service Pack 2 (SP2) and later.
(http://support.microsoft.com/kb/260910/ )How to obtain the latest Windows 2000 service pack
Installation informationThis security update supports the following Setup switches:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows Media Services\wm822343
Deployment InformationTo install the security update without any user intervention, type the following command at a command prompt:
WindowsMedia41-KB822343-ENU /quietFor additional information about how to deploy this security update by using Microsoft Software Update Services, visit the following Microsoft Web site:
Restart requirementYou do not have to restart your computer after you apply this security update.
Removal informationYou cannot remove this security update because the Setup technology does not allow for removal and because Windows 2000 does not have a system-level rollback feature.
Security update replacement informationThis security update replaces the 817772 security update. For more information about this security update, click the following article number to view the article in the Microsoft Knowledge Base:
(http://support.microsoft.com/kb/817772/ )MS03-019: Flaw in ISAPI extension for Windows Media Services could cause denial of service
File informationThe English version of this hotfix has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.
Date Time Version Size File name ----------------------------------------------------- 02-Mar-2004 00:26 24,576 Custdll.dll 29-May-2003 21:25 126.96.36.19932 16,784 Nsiislog.dll 03-Jun-2003 15:47 6.0.2600.0 143,872 Nsisapi.exe
Microsoft has confirmed that this problem may cause a degree of security vulnerability in the Microsoft products that are listed in the "Applies to" section.
For more information about this vulnerability, visit the following Microsoft Web site:
Article ID: 822343 - Last Review: November 7, 2007 - Revision: 7.2