Registry Request Denial of Service

Registry Request Denial of Service
Reported June 6 by
Renaud Deraison

  • Windows NT 4.0 Workstation, Server, Enterprise Edition, Terminal Server


Before a request to access the registry from a remote machine can be processed it must first be authenticated by the Remote Registry server, which is contained within the winlogon.exe process. If the request is malformed in a specific fashion it could be misinterpreted by the remote registry server which may cause the entire system to crash.


Microsoft is aware of this problem and has released a patch for NT 4.0 Workstation, Server, and Enterprise Edition. According to Microsoft,  patch for Terminal Server will be released shortly. Be sure to read Support Online article Q264684.

Discovered and reported by Renaud Deraison

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.