Security Bulletin

Microsoft Security Bulletin MS00-016 - Important

Patch Available for "Malformed Media License Request" Vulnerability

Published: March 17, 2000

Version: 1.0

Originally Posted: March 17, 2000

Summary

Microsoft has released a patch that eliminates a denial of service vulnerability in Microsoft® Windows Media™ License Manager. The vulnerability could allow a malicious user to temporarily prevent the license server from issuing further licenses to customers for protected digital content (music and video).

Frequently asked questions regarding this vulnerability can be found at https://www.microsoft.com/technet/security/bulletin/fq00-016.mspx.

General Information

Issue

Windows Media License Manager is part of Windows Media Rights Manager, a component of Windows Media Technologies that enables content providers to distribute copyrighted digital media in encrypted form. When Windows Media Player opens protected digital media, it contacts the provider's server, presents the user's license request information, and obtains a license that allows it to play the media. However, a specially-malformed license request can cause License Manager to halt, thereby preventing legitimate subscribers from obtaining a license for the same or other content hosted at this site.

The vulnerability does not in any way compromise the protection provided by the encryption or prevent offline playing of content that the user has already licensed. The server can be put back into normal operation by restarting the License Manager.

Affected Software Versions

• Windows Media Rights Manager 1.0.

Vulnerability Identifier: CVE-2000-0228

Patch Availability

• https://www.microsoft.com/Downloads/details.aspx?displaylang=en&FamilyID;=85E422C6-A6F9-4EAF-BD8E-B5267160D3CC
  Note: Additional security patches are available at the Microsoft Download Center

More Information

Please see the following references for more information related to this issue.

• Microsoft Security Bulletin MS00-016: Frequently Asked Questions
• Microsoft Knowledge Base (KB) article 257200 - Windows Media Server Rights Manager May Stop Serving Licenses.
• Microsoft TechNet Security web site.

Obtaining Support on this Issue

This is a fully supported patch. Information on contacting Microsoft Technical Support is available at https:

Acknowledgments

Microsoft thanks Dan Lemon of Reciprocal for reporting this issue to us and working with us to protect customers.

Revisions

March 17, 2000: Bulletin Created.

THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.

Built at 2014-04-18T13:49:36Z-07:00 </https:>