Article ID: 321677
Article Last Modified on 10/27/2006
APPLIES TO
- Microsoft Windows XP Professional
- Microsoft Windows XP Home Edition
- Microsoft Windows Media Player 7.1, when used with:
- Microsoft Windows 2000 Standard Edition
This article was previously published under Q321677
SYMPTOMS
The WMDM PMSP service vulnerability makes it possible for a computer with Windows Media Player installed on it to exploit the WMDM PMSP service to connect to a malicious named pipe.
This is a privilege-elevation vulnerability. A malicious user who is able to both interactively log on to the console and run a program on the computer might seek to exploit this vulnerability and gain the same rights on the computer as the operating system itself. This might make it possible for the attacker to add, change, or delete any file on the computer. The attacker could also change the security settings or add accounts to the computer.
CAUSE
The vulnerability results because of a flaw in how the Windows Media Device Manager service handles requests to access local storage devices. The service does not correctly identify requests to local storage devices that are not valid.
RESOLUTION
Windows Media Player for Windows XP
To resolve this problem, obtain the latest service pack for Windows XP. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
322389 How to Obtain the Latest Windows XP Service Pack
The update for this problem is included in the Windows Media Player rollup package that is referenced in the following article in the Microsoft Knowledge Base:
320920 MS02-032: Windows Media Player Rollup Available
Windows Media Player 7.1
The update for this problem is included in the Windows Media Player rollup package that is referenced in the following article in the Microsoft Knowledge Base:
320920 MS02-032: Windows Media Player Rollup Available
STATUS
Microsoft has confirmed that this problem may result in some degree of security vulnerability in the versions of Windows Media Player that are listed earlier in this article. This problem was first corrected in Windows XP Service Pack 1.
MORE INFORMATION
This particular vulnerability only affects Windows Media Player 7.1 on Microsoft Windows 2000-based computers. Windows Media Player 6.4 on all platforms, Windows Media Player for Microsoft Windows XP, and Windows Media player 7.1 on Microsoft Windows 98 and Microsoft Windows Millennium Edition (Me) are not affected by this problem. The vulnerability can be exploited only when a user logons on to a computer at the console. Terminal sessions are not affected by this vulnerability. The user must also introduce a hostile program to the computer. Because of this, client computers are more likely to be affected by this vulnerability than servers such as Microsoft SQL or Microsoft Exchange servers. This is because those programs typically restrict interactive logons to administrators. Finally, on client computers, any limitations on a user's ability to introduce and run code to the computer, such as through group policies, software restriction policies, and physically security, would significantly mitigate exposure to this vulnerability.
A vulnerability of this type occurs when a user works with the executive NT\DosDevices object folder that is used by a privileged security context.
Additional query words: kbWinMedia security_patch wmp
Keywords: kbbug kbenv kbfix kbmm kbsecbulletin kbsechack kbsecurity kbsecvulnerability kbwinxpsp1fix KB321677
