
Malformed Security Identifier Request Vulnerability

A vulnerability exists in the LsaLookupSids function that could allow a malicious user to cause a Windows NT machine to stop responding to requests for service.

Issue

The Windows NT Local Security Authority (LSA) provides a number of functions for enumerating and manipulating security information. One of these functions, LsaLookupSids(), is used to determine the Security Identifier (SID) associated with a particular user or group name. A flaw in the implementation of this function causes it to incorrectly handle certain types of invalid arguments. If an affected call were made to this function, it would cause the LSA to crash, thereby preventing the machine from performing useful work.

An affected machine could be put back into service by rebooting, with the loss of any work that was in progress at the time. Remote attacks via this vulnerability would not be possible if NetBIOS is filtered at the firewall.

Affected Products

  • Windows NT Server, Enterprise, Terminal Server and Workstation 4.0

Solution

The fix for this vulnerability is included in the patch for the "Syskey Keystream Reuse" vulnerability. Users who have already applied it do not need to take any additional action.

Further Details

Source: Microsoft Corporation

Reference: Microsoft Corporation

Updated: December 16, 1999
