Windows NT 4.0 Terminal Server Edition "Winsock Mutex" Vulnerability Patch MS01-003 (Windows)
This patch eliminates a security vulnerability in Windows NT 4.0. The vulnerability could allow a malicious user to run a special program to disable an affected computer's network functionality. Like all other objects under Windows NT 4.0, mutexes--synchronization objects that govern access to resources--have permissions associated with them, that govern how they can be accessed. However, a particular mutex used to govern access to a networking resource has inappropriately loose permissions. This could enable an attacker who had the ability to run code on a local machine to monopolize the mutex, thereby preventing any other processes from using the resource that it controlled. This would have the effect of preventing the machine from participating in the network.The attacker would require interactive logon access to the affected machine. This significantly limits the scope of the vulnerability because, if normal security recommendations have been followed, unprivileged users will not be granted interactive logon rights to critical machines like servers. Unprivileged users typically are granted interactive logon rights to workstations and terminal servers. However, a workstation would not be a tempting target for an attacker, because he could only use this vulnerability to deny service to himself. The machines most likely to be affected would be terminal servers.