Reported September 10, 2001, by Microsoft.

VERSIONS AFFECTED

  • Microsoft Windows NT 4.0 Workstation

  • Microsoft Windows NT 4.0 Server

  • Microsoft Windows NT 4.0 Server, Enterprise Edition

  • Microsoft Windows NT Server 4.0, Terminal Server Edition

 

DESCRIPTION
A vulnerability exists in NT 4.0 remote procedure call (RPC) endpoint mapper service that an attacker can use to cause a Denial of Service (DoS) condition. A problem in the service causes it to fail when an attacker sends a request that contains a particular type of malformed data.

 

VENDOR RESPONSE

The vendor, Microsoft, has released security bulletin MS01-048 to address this vulnerability and recommends that affected users apply the patch provided at its Web site. Microsoft will provide a patch for WTS at bulletin MS01-048 when the patch becomes available.

 

CREDIT
Discovered by Seiichi Tatsukawa of Rational Software.