Microsoft Warns of Windows 2000 Server Flaw
The flaw could allow attackers to execute code on vulnerable machines.Microsoft Corp. on Wednesday issued a bulletin warning users of a flaw in a Windows 2000 Server component that could allow attackers to execute code on vulnerable machines. The flaw does not affect machines running Windows NT, XP or Windows Server 2003. The vulnerability lies in the DLL that Windows Media Services uses to log client information during multicasts. When WMS is installed a machine using the add/remove programs option in Windows, the Nsiislog.dll file is installed in the IIS scripts directory and automatically loaded and used by IIS. The DLL incorrectly handles incoming client requests, and as a result, an attacker could send an HTTP request that would cause a buffer overrun and either crash the server or execute the attackers code. However, there are two important caveats to this attack: First, WMS is not installed by default; and second, the attacker would need to know whether the target server had WMS installed in order to execute the attack.
The patch for this vulnerability is available here.