WebTV for Windows Denial of Service (Patch available)
------------------------------------------------------------------------

SUMMARY

Microsoft has released a patch that eliminates a security vulnerability in Microsoft WebTV for Windows. The vulnerability could allow a malicious user to remotely crash systems running WebTV for Windows.

For more information, see our previous posts:

WebTV vulnerable to a DoS
<http://www.securiteam.com/windowsntfocus/WebTV_vulnerable_to_a_DoS.html>

Exploit code released for the WebTV DoS
<http://www.securiteam.com/exploits/Exploit_code_released_for_the_WebTV_DoS.html>

DETAILS

Affected Software Versions:
- Microsoft WebTV for Windows on Windows 98, Windows 98SE, and Windows Me

NOTE: This vulnerability is not related to the WebTV(tm) service provided by WebTV Networks.

There is a denial of service vulnerability in WebTV for Windows that may allow a malicious user to remotely crash the WebTV for Windows application and/or the computer system running WebTV for Windows. Restarting the application or system will return the system to its normal state.

Although the WebTV for Windows application ships with Windows 98, 98SE, and Windows Me products, the application is not installed by default, and customers who have not installed it would not be at risk.

Patch Availability:
- Windows 98 and 98SE
  <http://download.microsoft.com/download/win98SE/Update/12278/W98/EN-US/274113USA8.EXE>
- Windows Me
  <http://download.microsoft.com/download/winme/Update/12278/WinMe/EN-US/274113USAM.EXE>

What's the scope of the vulnerability?

This is a Denial of Service vulnerability. A malicious user could use the vulnerability to crash either the operating system or the WebTV for Windows application.
By default, WebTV for Windows is not automatically installed on Windows 98, 98SE, or Windows Me operating systems, and only customers who have installed it would be at risk from this vulnerability.

The vulnerability could be used to crash the WebTV for Windows application and/or the host operating system, but could not be used for any broader attack - that is, it could not be used to compromise data on an affected system or usurp administrative control. The WebTV for Windows application could be restored on an affected machine by restarting the application.

What causes the vulnerability?

A flaw in the WebTV for Windows application may cause either the application or the operating system to fail when provided with a particular malformed input string from a malicious client machine.

What is WebTV for Windows?

WebTV for Windows is an add-in application that ships with the Windows 98, 98SE, and Windows Me operating systems. The application works in conjunction with a TV tuner card to display TV programming on the computer.

What's the problem with the WebTV for Windows application?

The WebTV for Windows application does not correctly handle a particular kind of malformed input string that could be sent to it from a client. If such a string were received by an affected system, it would cause the application and/or operating system to fail.

Who could exploit this vulnerability?

Any malicious user who could send data to an affected machine could exploit the vulnerability. If an affected machine were directly connected to the Internet, a malicious user on the Internet could exploit the vulnerability.

Does this have anything to do with WebTV?

No. WebTV (www.webtv.com) is a service that provides Internet services to users via their television. WebTV for Windows is an unrelated product that enables users to view TV programs on their computer.

Who should use the patch?

Microsoft recommends that users who have installed WebTV for Windows consider installing the patch.

What does the patch do?

The patch eliminates the vulnerability by causing the WebTV for Windows application to process the string at issue correctly.

How do I use the patch?

Knowledge Base article Q274113 <http://www.microsoft.com/technet/support/kb.asp?ID=274113> contains detailed instructions for applying the patch to your site.

How can I tell if I installed the patch correctly?

The Knowledge Base article Q274113 <http://www.microsoft.com/technet/support/kb.asp?ID=274113> provides a manifest of the files in the patch package. The easiest way to verify that you have installed the patch correctly is to verify that these files are present on your computer, and have the same sizes and creation dates as shown in the KB article.

-- 
Eko Sulistiono
MIKRODATA & AntiVirus Media
Web: http://www.mikrodata.co.id/
WAP: http://www.mikrodata.co.id/wap/index.wml
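The file check described under "How can I tell if I installed the patch correctly?", as an added example that is not part of the original advisory or of Microsoft's tooling. The manifest layout, the file names and the values are constructed placeholders (the real manifest is in KB article Q274113), and the date compared is the file's modification date, which is an assumption.

```python
import os
import tempfile
from datetime import date, datetime

# Constructed manifest in "YYYY-MM-DD  size  filename" form. File names and
# values are placeholders; the real ones come from KB article Q274113.
SAMPLE_MANIFEST = """\
2000-01-02  11  EXAMPLE1.DLL
2000-01-02  20  EXAMPLE2.DLL
2000-01-02  5   EXAMPLE3.VXD
"""

def parse_manifest(text):
    """Return {filename: (expected_date, expected_size)}."""
    entries = {}
    for line in filter(str.strip, text.splitlines()):
        day, size, name = line.split(None, 2)
        entries[name.strip()] = (date.fromisoformat(day), int(size))
    return entries

def check_install(directory, manifest):
    """Return {filename: OK | MISSING | SIZE_MISMATCH | DATE_MISMATCH}."""
    results = {}
    for name, (want_date, want_size) in manifest.items():
        path = os.path.join(directory, name)
        # Assumption: the manifest date is compared with the modification date.
        if not os.path.isfile(path):
            results[name] = "MISSING"
        elif os.path.getsize(path) != want_size:
            results[name] = "SIZE_MISMATCH"
        elif datetime.fromtimestamp(os.path.getmtime(path)).date() != want_date:
            results[name] = "DATE_MISMATCH"
        else:
            results[name] = "OK"
    return results

def demo():
    """Constructed directory: one matching file, one wrong size, one absent."""
    with tempfile.TemporaryDirectory() as d:
        stamp = datetime(2000, 1, 2, 12, 0).timestamp()
        for name, size in (("EXAMPLE1.DLL", 11), ("EXAMPLE2.DLL", 7)):
            p = os.path.join(d, name)
            with open(p, "wb") as f:
                f.write(b"\0" * size)
            os.utime(p, (stamp, stamp))
        return check_install(d, parse_manifest(SAMPLE_MANIFEST))

if __name__ == "__main__":
    print(demo())
```

A MISSING or mismatched entry means the patched file was not written to that location; matching size and date confirms the file was replaced, not that its contents are authentic.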
