Handle Leak in WinLogon After Applying Windows NT 4.0 Service Pack 6

This article was previously published under Q259042
This article has been archived. It is offered "as is" and will no longer be updated.
After you install Windows NT 4.0 Service Pack 6 and if the RegConnectRegistry() API is being used heavily, the Winlogon process may exhibit a Handle Leak.
This issue occurs because Windows NT 4.0 Service Pack 6 introduced a problem in the termination code for WinLogon, which prevents orphaned handles from closing.

To resolve this problem, obtain the Windows NT 4.0 Security Rollup Package. For additional information, click the article number below to view the article in the Microsoft Knowledge Base:
299444 Post-Windows NT 4.0 Service Pack 6a Security Rollup Package (SRP)
The English-language version of this fix has the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.
   Date      Time                 Size    File name     Platform   -------------------------------------------------------------   03-Apr-2000  15:46  4.0.1381.7046  135,440  services.exe  i386   03-Apr-2000  15:46  4.0.1381.7046  192,272  winlogon.exe  i386   03-Apr-2000  15:45  4.0.1381.7046  249,104  services.exe  Alpha   03-Apr-2000  15:45  4.0.1381.7046  275,216  winlogon.exe  Alpha				

Microsoft has confirmed that this problem may cause a degree of security vulnerability in Windows NT 4.0.

Article ID: 259042 - Last Review: 02/28/2014 00:32:00 - Revision: 2.2

Microsoft Windows NT 4.0 Service Pack 6, Microsoft Windows NT 4.0 Service Pack 6a, Microsoft Windows NT Workstation 4.0 Developer Edition, Microsoft Windows NT Workstation 4.0 Developer Edition

  • kbnosurvey kbarchive kbbug kbfix kbqfe kbhotfixserver KB259042