Reported September 10, 2001, by Microsoft.
VERSIONS AFFECTED
-
Microsoft Windows NT 4.0 Workstation
-
Microsoft Windows NT 4.0 Server
-
Microsoft Windows NT 4.0 Server, Enterprise Edition
-
Microsoft Windows NT Server 4.0, Terminal Server Edition
DESCRIPTION
A
vulnerability exists in NT 4.0 remote procedure call (RPC) endpoint mapper
service that an attacker can use to cause a Denial of Service (DoS) condition. A
problem in the service causes it to fail when an attacker sends a request that
contains a particular type of malformed data.
VENDOR RESPONSE
The vendor, Microsoft, has released security bulletin MS01-048 to address this vulnerability and recommends that affected users apply the patch provided at its Web site. Microsoft will provide a patch for WTS at bulletin MS01-048 when the patch becomes available.
CREDIT
Discovered
by Seiichi
Tatsukawa of Rational Software.