An attacker could directly exploit this vulnerability by requesting a unicast MMS stream from an affected system and then submitting a malicious Transport Info packet as part of the stream setup negotiation. If successful, the attacker could execute arbitrary code with the privileges of the affected service. These privileges are sufficient to allow the attacker to completely compromise the affected system.
Microsoft Windows 2000 was the only operating system on which the affected version of Windows Media Services was available. Because Microsoft's support for this platform is ending soon, administrators are strongly encouraged to start planning a migration to a more current version of Microsoft Windows Server.
Previous software updates from Microsoft did not completely correct exploitation vectors that are related to this vulnerability. In response to these errors, Microsoft has released an updated security fix.
The Cisco Applied Intelligence team has created an Applied Mitigation Bulletin to address vulnerabilities that Microsoft disclosed in the April 2010 security bulletin release. This Cisco bulletin, which assists administrators in identifying or mitigating these vulnerabilities using Cisco devices, is available at the following link: Cisco Applied Mitigation Bulletin: Microsoft Security Bulletin Release for April 2010