Malformed TCP/IP Print Request

Malformed TCP/IP Print Request
Reported March 30, 2000 by

  • Windows NT 4.0
  • Windows 2000

    According to Microsoft"s report on the matter, "TCP/IP Printing Services is an RFC 1179-compliant printing service designed for environments that use the Berkeley Remote Printing protocols, also known as LPD and LPR. (In Windows 2000, TCP/IP Printing Services are also known as Print Services for Unix). A specially-malformed print request could cause TCPSVC.EXE to crash, which would not only prevent the server from providing printing services, but also would stop several other services, most importantly DHCP. Any affected services could be put back into service by restarting them; it would not be necessary to reboot the machine.

    It is important to note that TCP/IP Printing Services is different from the native Windows NT 4.0 and Windows 2000 printing services. TCP/IP Printing Services is not installed by default, and the vulnerability at hand here would not allow a malicious user to disrupt printing via the native Windows NT 4.0 and Windows 2000 printing services."


    Microsoft has issued a patch for NT 4.0 on Intel and Alpha platforms, as well as patch for Win2K Pro, Server, and Advanced Server. Microsoft also released a FAQ, and Support Online article Q257870

    Discovered and reported by

    Hide comments


    • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

    Plain text

    • No HTML tags allowed.
    • Web page addresses and e-mail addresses turn into links automatically.
    • Lines and paragraphs break automatically.