Microsoft Windows Media Services 4.0/4.1 Handshake denial of service


A vulnerability classified as problematic was found in Microsoft Windows Media Services 4.0/4.1 (Operating System). It affects unknown code in the Handshake Handler component. Manipulation with an unknown input leads to a denial of service. The weakness is classified as CWE-404. The impact is on availability.

The weakness was disclosed on 02/23/2000 in Microsoft Security Bulletin MS00-013, a bulletin confirmed by Microsoft (Technet). It was originally reported to Microsoft by Kit Knox. The vulnerability is identified as CVE-2000-0211. Exploitation is known to be easy. The attack may be initiated remotely, and no authentication is needed for successful exploitation. Technical details are unknown, but a public exploit is available. The MITRE ATT&CK project uses the attack technique T1499 for this issue.

A public exploit has been developed in ANSI C. It is declared as proof-of-concept. We expect the 0-day to have been worth approximately $25k-$100k. The vulnerability scanner Nessus provides a plugin with the ID 10289 (MS00-013: Microsoft Windows Media Server Malformed Handshake Sequence DoS (253943) (intrusive check)), which helps to determine whether the flaw exists in a target environment. The plugin is assigned to the family Windows and runs in the remote context.

Upgrading eliminates this vulnerability. Applying the patch MS00-013 also eliminates the problem. The suggested best mitigation is upgrading to the latest version.

The vulnerability is also documented in the databases at SecurityFocus (BID 1000), X-Force (4034), Vulnerability Center (SBV-106) and Tenable (10289).







VulDB Meta Base Score: 5.3
VulDB Meta Temp Score: 4.8

VulDB Base Score: 5.3
VulDB Temp Score: 4.8


Class: Denial of service
CWE: CWE-404
ATT&CK: T1499

Local: No
Remote: Yes

Access: Public
Status: Proof-of-Concept


Nessus ID: 10289
Nessus Name: MS00-013: Microsoft Windows Media Server Malformed Handshake Sequence DoS (253943) (intrusive check)

OpenVAS ID: 800328
OpenVAS Name: Microsoft Windows Media Service Handshake Sequence DoS Vulnerability



Recommended: Upgrade

Patch: MS00-013


01/18/2000 🔍
02/23/2000 +36 days 🔍
02/23/2000 +0 days 🔍
02/23/2000 +0 days 🔍
02/28/2000 +5 days 🔍
10/13/2002 +958 days 🔍
06/23/2014 +4271 days 🔍
08/11/2017 +1145 days 🔍
10/08/2020 +1154 days 🔍



Advisory: MS00-013
Researcher: Originally reported to Microsoft by Kit Knox. Publicized in Microsoft Security Bulletin MS00-013, released February 23, 2000.
Organization: Microsoft
Status: Confirmed

CVE: CVE-2000-0211
SecurityFocus: 1000 - Microsoft Windows Media Services Handshake Sequence DoS Vulnerability
X-Force: 4034
Vulnerability Center: 106 - [MS00-013] DoS in Windows Media Server via Improper Sequence of Client Handshake Packets, Medium



Created: 06/23/2014 05:48 PM
Updated: 10/08/2020 09:40 AM
Changes: (1) advisory_person_name

