CVE-1999-1234

Name of the Vulnerable Software and Affected Versions Windows NT 4.0

Description The issue allows remote attackers to cause a denial of service. This is achieved by providing a NULL policy handle in a call to functions such as (1) SamrOpenDomain, (2) SamrEnumDomainUsers, and (3) SamrQueryDomainInfo in LSA (LSASS.EXE).

Recommendations For Windows NT 4.0, consider restricting access to the SamrOpenDomain, SamrEnumDomainUsers, and SamrQueryDomainInfo functions until a patch is available. As a temporary workaround, avoid using NULL policy handles in calls to these functions to minimize the risk of exploitation.