Microsoft DLNA user agent

Question

Microsoft DLNA user agent

lucas.py 20

Hi there,

I have a question regarding the Microsoft-DLNA DLNADOC/1.50 User-Agent. I am monitoring network traffic in my environment and I have noticed repeated requests of the following nature:

"GET /icon_sample.jpg HTTP/1.1

Connection: Keep-Alive

User-Agent: User-Agent: Microsoft-DLNA DLNADOC/1.50

Host: {sample_ip}:9197"

As you can see, the User-Agent header is mentioned twice in the request. I was wondering if this is a known issue, and if not, is there a way for me to report it to Microsoft? My environment is flagging this request as suspicious due to the repeated use of the User-Agent header.

Thank you in advance for your assistance,
-Lucas

Accepted answer

1 additional answer

Your answer

Answer 1

Gary Nebbett 6,216

Hello Lucas,

There does indeed seem to be a minor problem with the Windows.Media.Streaming DLL; it calls WinHttpOpen with an Agent parameter of "User-Agent: Microsoft-DLNA DLNADOC/1.50" when it should let WinHttpOpen add the "User-Agent: " header name.

Windows_Media_Streaming!_DownloadFileFromDevice+0x1a4:
call qword ptr [Windows_Media_Streaming!_imp_WinHttpOpen]
> du /c99 @rcx
"User-Agent: Microsoft-DLNA DLNADOC/1.50"

Identifying the cause of the problem is easy but getting it fixed is a different matter - I don't know of any effective way of reporting such errors without a support contract with Microsoft. In any event, it will be a long time before it is fixed, so you will probably just have to accept this behaviour for the near to medium term.

Gary

lucas.py 20 Reputation points

2023-02-15T21:16:25.6133333+00:00

Thanks for taking the time to look up the DLL file. This makes a lot of sense. I will tune my environment to cancel this out and try to report this to Microsoft. I'll update the thread if this ever gets picked up by Microsoft.
lucas.py 20 Reputation points

2023-02-21T10:16:15.72+00:00

Hey Gary,

I do not know if you will still see this message. But I would like to ask what program or method you used to open/read this DLL file. I have tried opening it with DotPeek but with no usefull result. Thanks in advance.
Gary Nebbett 6,216 Reputation points

2023-02-21T10:57:04.38+00:00

Hello Lucas,

I just used the CDB debugger from the Windows SDK.

Gary

Answer 2

Hi. Thank you for your question and reaching out. I’d be more than happy to help you with your query

It's not uncommon for a User-Agent header to be repeated in an HTTP request, as it can be added by both the client and intermediary devices such as proxies or firewalls. In this case, it's likely that the User-Agent header was added twice by the client making the request.

That being said, if you believe this behavior is suspicious or may be indicative of a security issue, you may want to investigate further and determine the source of the requests. If you do identify a security issue, you can report it to Microsoft's Security Response Center at https://www.microsoft.com/en-us/msrc/report. However, it's important to note that repeating the User-Agent header alone is not necessarily indicative of a security issue, and may simply be an anomaly in the network traffic.

If the reply was helpful, please don’t forget to upvote or accept as answer, thank you.

Share via

Microsoft DLNA user agent

1 additional answer

Your answer