Microsoft Windows Media Services is a feature of Microsoft Windows 2000 Server, Microsoft Windows 2000 Advanced Server, and Microsoft Windows 2000 Datacenter Server, and Windows Media Services is also available in a downloadable version for Microsoft Windows NT 4.0 Server. Windows Media Services contains support for a method of delivering media content to clients across a network that is known as multicast streaming. In multicast streaming, the server has no connection to or knowledge of the clients that may be receiving the stream of media content that is coming from the server.
To make logging of client information for the server easier, Windows 2000 includes a capability that is specifically designed to enable logging for multicast transmissions.
This logging capability is implemented as an Internet Services Application Programming Interface (ISAPI) extension named Nsiislog.dll. When Windows Media Services are added to Windows 2000 through the Add/Remove Programs utility, Nsiislog.dll is installed in the Internet Information Services (IIS) Scripts folder on the server. After Windows Media Services is installed, Nsiislog.dll is automatically loaded and used by IIS.
A flaw exists in the way Nsiislog.dll processes incoming client requests. A vulnerability exists because an attacker can send specially formed HTTP requests (that is, communications) to the server, and these HTTP requests can cause IIS to fail or to execute code on the user's system.
By default, Windows Media Services is not installed on Windows 2000. An attacker who tries to exploit this vulnerability must know the computers on the network that have Windows Media Services installed and must send a specific request to that server.
Windows Media Services are not available for Windows 2000 Professional.
Security update information
The following file is available for download from the Microsoft Download Center:
Download the 822343 package now.
Collapse this imageExpand this image
Release Date: June 25, 2003
For more information about how to download Microsoft support files, click the following article number to view the article in the Microsoft Knowledge Base:
How to obtain Microsoft support files from online services
Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help prevent any unauthorized changes to the file.
This security update requires Windows 2000 Service Pack 2 (SP2), Windows 2000 Service Pack 3 (SP3), or Windows 2000 Service Pack 4 (SP4).
For more information about Windows 2000 service packs, click the following article number to view the article in the Microsoft Knowledge Base:
How to obtain the latest Windows 2000 service pack
Microsoft Windows Media Services 4.1 is included with Windows 2000 Server Service Pack 2 (SP2) and later.
This security update supports the following Setup switches:
- /help : Displays the command line options.
- /quiet : Use Quiet mode (no user interaction or display).
- /passive : Unattended mode (progress bar only).
- /uninstall : Uninstalls the package.
- /norestart : Do not restart when installation has completed.
- /forcerestart : Restart when installation has completed.
- /l : List the installed hotfixes or software updates.
- /o : Overwrite OEM files without prompting.
- /n : Do not back up files that are required for uninstall.
- /f : Force other programs to close when the computer shuts down.
To verify that the security update is installed on your computer, confirm that
the following registry key exists: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows Media Services\wm822343
To install the security update without any user intervention, type
the following command at a command prompt:
For additional information about how to deploy this security update by using Microsoft Software Update
Services, visit the following Microsoft Web site:
You do not have to restart your computer after you
apply this security update.
You cannot remove this security update because the Setup technology does not allow for removal and because Windows 2000 does not have a system-level rollback feature.
Security update replacement information
This security update replaces the 817772 security update.
For more information about this security update, click the following article number to view the article in the Microsoft Knowledge Base:
MS03-019: Flaw in ISAPI extension for Windows Media Services could cause denial of service
The English version of this hotfix has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone
tab in the Date and Time tool in Control Panel.
Date Time Version Size File name
02-Mar-2004 00:26 24,576 Custdll.dll
29-May-2003 21:25 220.127.116.1132 16,784 Nsiislog.dll
03-Jun-2003 15:47 6.0.2600.0 143,872 Nsisapi.exe
Microsoft has confirmed that this problem may cause a degree of security vulnerability in the Microsoft products that are listed in the "Applies to" section.
For more information about this vulnerability, visit the
following Microsoft Web site: