=====================================================================
                                   CERT-Renater

                        Note d'Information No. 2008/VULN576
_____________________________________________________________________

DATE                      : 10/12/2008

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Windows 2000, Windows XP, Windows Server 2003,
                             Windows Vista, Windows Server 2008,
                             systems running Windows Media Player,
                             Windows Media Format Runtime,
                             Windows Media Services.

======================================================================
KB959807
http://www.microsoft.com/technet/security/bulletin/ms08-076.mspx
______________________________________________________________________

Microsoft Security Bulletin MS08-076 - Important
Vulnerabilities in Windows Media Components Could Allow Remote Code
Execution (959807)

   Published: December 9, 2008

   Version: 1.0

General Information

Executive Summary

   This security update resolves two privately reported vulnerabilities in the
   following Windows Media components: Windows Media Player, Windows Media
   Format Runtime, and Windows Media Services. The most severe vulnerability
   could allow remote code execution. If a user is logged on with
   administrative user rights, an attacker who successfully exploited this
   vulnerability could take complete control of an affected system. An attacker
   could then install programs; view, change, or delete data; or create new
   accounts with full user rights. Users whose accounts are configured to have
   fewer user rights on the system could be less impacted than users who
   operate with administrative user rights.

   This security update is rated Important for Windows Media Player 6.4,
   Windows Media Format Runtime 7.1, Windows Media Format Runtime 9.0,
   Windows Media Format Runtime 9.5, Windows Media Format Runtime 11,
   Windows Media Services 4.1, Windows Media Services 9 Series, and Windows
   Media Services 2008. For more information, see the subsection, Affected
   and Non-Affected Software, in this section.

   The security update addresses the first vulnerability by modifying the way
   that Windows Media authentication replies are validated. The security update
   addresses the second vulnerability by ensuring that Windows Media clients
   treat servers using ISATAP addresses as external. For more information about
   the vulnerabilities, see the Frequently Asked Questions (FAQ) subsection for
   the specific vulnerability entry under the next section, Vulnerability
   Information.

   Recommendation. Microsoft recommends that customers apply the update at the
   earliest opportunity.

   Known Issues. None

Affected Software

   Windows Media Player 6.4	
 	 	 	
   Windows Media Format Runtime 7.1

   Windows Media Format Runtime 9.0

   Windows Media Format Runtime 9.5

   Windows Media Format Runtime 9.5 x64 Edition

   Windows Media Format Runtime 11	

   Windows Media Format Runtime 11 x64 Edition

   Windows Media Services 4.1
	
   Windows Media Services 9 Series

   Windows Media Services 2008

   Microsoft Windows 2000 Service Pack 4

   Microsoft Windows 2000 Server Service Pack 4	

   Windows XP Service Pack 2

   Windows XP Service Pack 3
	
   Windows XP Professional x64 Edition

   Windows XP Professional x64 Edition Service Pack 2
	
   Windows Server 2003 Service Pack 1

   Windows Server 2003 Service Pack 2
	
   Windows Server 2003 x64 Edition

   Windows Server 2003 x64 Edition Service Pack 2

   Windows Vista

   Windows Vista Service Pack 1

   Windows Vista x64 Edition

   Windows Vista x64 Edition Service Pack 1
 	 	 	
   Windows Server 2008 for 32-bit Systems*
	
   Windows Server 2008 for x64-based Systems

   * Windows Server 2008 server core installation affected. For supported
   editions of Windows Server 2008, this update applies, with the same
   severity rating, whether or not Windows Server 2008 was installed using
   the Server Core installation option.

Vulnerability Information

SPN Vulnerability - CVE-2008-3009

   A credential reflection vulnerability exists in the Windows Media
   components that could allow an attacker to execute code with the same
   rights as the local user or with Windows Media Services distribution
   credentials. The vulnerability exists due to weaknesses in Service
   Principal Name (SPN) implementations within Windows Media components.
	
ISATAP Vulnerability - CVE-2008-3010

   An information disclosure vulnerability exists in supported versions of
   Windows Media components that could result in the disclosure of NTLM
   credentials. Any Windows Media component that accesses a URL that uses an
   ISATAP address could leak the users NTLM credentials to the server that
   hosts the URL. This could allow an attacker who is external to the
   intranet zone to gather NTLM credentials for an enterprise environment.


======================================================================

          =========================================================
          Les serveurs de référence du CERT-Renater
          http://www.urec.fr/securite
          http://www.cru.fr/securite
          http://www.renater.fr
          =========================================================
          + CERT-RENATER          | tel : 01-53-94-20-44          +
          + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
          + 75013 Paris           | email: certsvp@renater.fr     +
          =========================================================