SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Multimedia)  >   Windows Media Services Vendors:   Microsoft
Windows Media Services Discloses Authentication Information to Remote Users
SecurityTracker Alert ID:  1021375
SecurityTracker URL:  http://securitytracker.com/id/1021375
CVE Reference:   CVE-2008-3010   (Links to External Site)
Updated:  Nov 25 2009
Original Entry Date:  Dec 10 2008
Impact:   Disclosure of authentication information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 4.1, 9, 2008
Description:   A vulnerability was reported in Windows Media Services. A remote user can obtain the target user's authentication credentials.

When the target user's Windows Media component accesses a URL that uses an Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) address, the target user's NTLM credentials may be disclosed to the server at that address.

Impact:   A remote user can obtain the target user's authentication credentials.
Solution:   The vendor has issued the following fixes:

Microsoft Windows 2000 Server Service Pack 4, Windows Media Services 4.1:

http://www.microsoft.com/downloads/details.aspx?familyid=58B7D241-CEF6-48FA-AA52-017695F71DB1

Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2, Windows Media Services 9 Series:

http://www.microsoft.com/downloads/details.aspx?familyid=E71ABC2D-D60E-444A-9B7B-062C5805FE9E

Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2, Windows Media Services 9 Series:

http://www.microsoft.com/downloads/details.aspx?familyid=E0030155-1A9A-46CC-BBC8-6D0D1ED65C1F

Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems SP2*, Windows Media Services 2008:

http://www.microsoft.com/downloads/details.aspx?familyid=FFB5D945-7F98-4849-B020-ED4873FA42DF

Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems SP2*, Windows Media Services 2008:

http://www.microsoft.com/downloads/details.aspx?familyid=0204A366-5641-4036-9CB0-A46D04AF9D72

On November 24, 2009, Microsoft updated MS08-076 to indicate that the update for Windows XP Embedded operating system has be re-released. Customers using Windows XP Embedded operating system should apply the new fix.

The vendor's advisory is available at:

http://www.microsoft.com/technet/security/bulletin/ms08-076.mspx

Vendor URL:  www.microsoft.com/technet/security/bulletin/ms08-076.mspx (Links to External Site)
Cause:   Access control error
Underlying OS:  Windows (2000), Windows (2003), Windows (2008)
Underlying OS Comments:  2000 SP4, 2003 SP2, 2008 SP2; and prior service packs

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, SecurityGlobal.net LLC