Article ID: 823803 - Last Review: July 30, 2007 - Revision: 7.3

MS03-029: A flaw in a Windows function might allow a Denial of Service

View products that this article applies to.

Technical update

  • August 13, 2003: An updated security patch has been released to correct problems on Windows NT Server 4.0-based computers running Remote Access Service (RAS) or Routing and Remote Access Service (RRAS). In the "File Information" section, the file attributes for the updated patch were added.

    For additional information about this issue, click the following article number to view the article in the Microsoft Knowledge Base:
    825501  (http://support.microsoft.com/kb/825501/ ) RAS or RRAS does not start when you restart a server that is running Windows NT 4.0
    Note This problem does not affect Windows NT 4.0 Terminal Server Edition.
  • July 23, 2003: In the "Installation Information" section, the registry key to verify that the security patch is installed on your computer was changed from
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows NT\SP6\Q823803
    to:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q823803
  • July 23, 2003: In the "File Information" section, the registry key to verify the files that the security patch installed was changed from
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows NT\SP6\Q823803\Filelist
    to:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q823803\File 1

On This Page

Expand all | Collapse all

SYMPTOMS

A flaw exists in a Windows NT Server 4.0 function that might cause a denial-of-service vulnerability. The flaw occurs because the affected function can cause memory that the function does not own to be freed when some overly long parameters are passed to the function. If the application that makes the request to the function does not carry out any user-input validation and permits the overly long parameters to be passed to the function, the function may free memory that the function does not own. Therefore, the application that passes the request might stop working.

By default, the affected function is not accessible remotely. However, applications that are installed on the operating system that are available remotely might use the affected function. Program servers and Web servers are two such applications that might access the function. Note that by default, Microsoft Internet Information Server (IIS) 4.0 does not use the affected function.
Back to the top

Mitigating factors

  • A default installation of Windows NT Server 4.0 is not vulnerable to a remote denial of service. Additional software must be installed to expose the vulnerability remotely.
  • If the application that calls the affected function carries out input validation, the overly long parameter might not be passed to the vulnerable function.
  • The flaw cannot be used to cause Windows NT Server 4.0 itself to stop working. Only the application that makes the request might stop working.
Back to the top

RESOLUTION

Security patch information

Download information

The following files are available for download from the Microsoft Download Center:


Windows NT Server 4.0
Collapse this imageExpand this image
Download
Download the 823803 package now. (http://microsoft.com/downloads/details.aspx?FamilyId=8FF8CA3E-D546-4FAF-851F-FFBE2490B901&displaylang=en)
Note If you are running Microsoft Windows NT Workstation 4.0, contact Microsoft Product Support Services to obtain this security update. For information about how to contact Microsoft Product Support Services, visit the following Microsoft Web site:
http://support.microsoft.com/default.aspx?scid=fh;EN-US;CNTACTMS (http://support.microsoft.com/default.aspx?scid=fh;en-us;cntactms)


Windows NT Server 4.0, Terminal Server Edition
Collapse this imageExpand this image
Download
Download the 823803 package now. (http://microsoft.com/downloads/details.aspx?FamilyId=5C46460D-3887-4D5F-B142-F505BB208797&displaylang=en)
Release Date: July 23, 2003

For additional information about how to download Microsoft Support files, click the following article number to view the article in the Microsoft Knowledge Base:
119591  (http://support.microsoft.com/kb/119591/ ) How to Obtain Microsoft Support Files from Online Services
Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help to prevent any unauthorized changes to the file.

Prerequisites

This security patch requires Windows NT 4.0 Service Pack 6a (SP6a) or Windows NT Server 4.0, Terminal Server Edition, Service Pack 6 (SP6).

For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
152734  (http://support.microsoft.com/kb/152734/ ) How to obtain the latest Windows NT 4.0 service pack

Installation information

This security patch supports the following Setup switches:
  • /y: Perform removal (only with the /m or /q switch).
  • /f: Force programs to be closed during the shutdown process.
  • /n: Do not create an Uninstall folder.
  • /z: Do not restart when the update completes.
  • /q: Use Quiet or Unattended mode with no user interface (this switch is a superset of the /m switch).
  • /m: Use Unattended mode with a user interface.
  • /l: List the installed hotfixes.
  • /x: Extract the files without running Setup.
To verify that the security patch is installed on your computer, confirm that the following registry key exists:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q823803

Deployment information

To install the security patch without any user intervention, use the following command:
Q823803i /q
To install the security patch without forcing the computer to restart, use the following command:
Q823803i /z
Note You can combine these switches in one command line.

For information about how to deploy this security patch with Microsoft Software Update Services, visit the following Microsoft Web site:
http://technet.microsoft.com/en-us/wsus/bb466201.aspx (http://technet.microsoft.com/en-us/wsus/bb466201.aspx)

Restart requirement

You must restart your computer after you apply this security patch.

Removal information

System administrators can use the Hotfix.exe utility to remove this patch. The Hotfix.exe utility is located in the %Windir%\$NTUninstallQ823803$ folder. The utility supports the following Setup switches:
  • /y: Perform removal (only with the /m or /q switch).
  • /f: Force programs to be closed during the shutdown process.
  • /n: Do not create an Uninstall folder.
  • /z: Do not restart when the installation is complete.
  • /q: Use Quiet or Unattended mode with no user interface (this switch is a superset of the /m switch).
  • /m: Use Unattended mode with a user interface.
  • /l: List the installed hotfixes.

Security patch replacement information

This security patch does not replace any other patches.

File information

The English version of this patch has the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.

Windows NT Server 4.0 (August 13, 2003 release)
   Date         Time   Version            Size    File name
   --------------------------------------------------------------
   25-Jul-2003  13:00  4.0.1381.7226     379,152  Kernel32.dll
Windows NT Server 4.0 (Original release)
   Date         Time   Version        Size     File name
   --------------------------------------------------------
   08-Jul-2003  13:40  4.0.1381.7224  379,152  Kernel32.dll
Windows NT Server 4.0, Terminal Server Edition
   Date         Time   Version         Size     File name
   ---------------------------------------------------------
   08-Jul-2003  13:51  4.0.1381.33549  412,944  Kernel32.dll
You can also verify the files that this security patch installed by reviewing the following registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q823803\File 1
Back to the top

STATUS

Microsoft has confirmed that this problem may cause a degree of security vulnerability in the Microsoft products that are listed in the "Applies to" section.
Back to the top

MORE INFORMATION

For more information about this vulnerability, visit the following Microsoft Web site:
http://www.microsoft.com/technet/security/bulletin/MS03-029.mspx (http://www.microsoft.com/technet/security/bulletin/MS03-029.mspx)
Back to the top
APPLIES TO
  • Microsoft Windows NT Workstation 4.0 Developer Edition
  • Microsoft Windows NT Server 4.0 Standard Edition
  • Microsoft Windows NT Server 4.0, Terminal Server Edition
Back to the top
Keywords: 
kbhotfixserver kbfix kbbug kbwinnt400presp7fix kbsecvulnerability kbsecbulletin kbsecurity kbqfe KB823803
Back to the top
 

Get Help Now

Contact a support professional by E-mail, Online, or Phone

Article Translations