Microsoft Security Bulletin MS00-016 - Important
Patch Available for "Malformed Media License Request" Vulnerability
Published: March 17, 2000
Originally Posted: March 17, 2000
Microsoft has released a patch that eliminates a denial of service vulnerability in Microsoft® Windows Media™ License Manager. The vulnerability could allow a malicious user to temporarily prevent the license server from issuing further licenses to customers for protected digital content (music and video).
Frequently asked questions regarding this vulnerability can be found at http://www.microsoft.com/technet/security/bulletin/fq00-016.mspx.
Windows Media License Manager is part of Windows Media Rights Manager, a component of Windows Media Technologies that enables content providers to distribute copyrighted digital media in encrypted form. When Windows Media Player opens protected digital media, it contacts the provider's server, presents the user's license request information, and obtains a license that allows it to play the media. However, a specially-malformed license request can cause License Manager to halt, thereby preventing legitimate subscribers from obtaining a license for the same or other content hosted at this site.
The vulnerability does not in any way compromise the protection provided by the encryption or prevent offline playing of content that the user has already licensed. The server can be put back into normal operation by restarting the License Manager.
Affected Software Versions
- Windows Media Rights Manager 1.0.
Vulnerability Identifier: CVE-2000-0228
Note: Additional security patches are available at the Microsoft Download Center
Please see the following references for more information related to this issue.
- Microsoft Security Bulletin MS00-016: Frequently Asked Questions
- Microsoft Knowledge Base (KB) article 257200 - Windows Media Server Rights Manager May Stop Serving Licenses.
- Microsoft TechNet Security web site.
Obtaining Support on this Issue
This is a fully supported patch. Information on contacting Microsoft Technical Support is available at http://support.microsoft.com/contactussupport/?ws=support
March 17, 2000: Bulletin Created.
THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.
Built at 2014-04-18T13:49:36Z-07:00