Reported September 10, 2001, by Microsoft.
Microsoft Windows NT 4.0 Workstation
Microsoft Windows NT 4.0 Server
Microsoft Windows NT 4.0 Server, Enterprise Edition
Microsoft Windows NT Server 4.0, Terminal Server Edition
A vulnerability exists in NT 4.0 remote procedure call (RPC) endpoint mapper service that an attacker can use to cause a Denial of Service (DoS) condition. A problem in the service causes it to fail when an attacker sends a request that contains a particular type of malformed data.
The vendor, Microsoft, has released security bulletin MS01-048 to address this vulnerability and recommends that affected users apply the patch provided at its Web site. Microsoft will provide a patch for WTS at bulletin MS01-048 when the patch becomes available.
Discovered by Seiichi Tatsukawa of Rational Software.