1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. NetBIOS NT Winlogon DoS

NetBIOS NT Winlogon DoS

Severity: Medium

This attack could pose a moderate security threat. It does not require immediate action.


This signature detects attempts to exploit a vulnerability in the winlogon.exe service causing a denial of service

Additional Information

In special circumstances while handling requests to access the Remote Registry Server, Windows NT 4.0 could crash due to winlogon.exe's inability to process specially malformed remote registry requests. Rebooting the machine would be required in order to regain normal functionality.

Only authenticated users on the network would be able to exploit this vulnerability. If Windows NT was configured to deny all remote registry requests, it would not be affected by this vulnerability under any conditions.


  • Microsoft Windows NT 4.0


Microsoft has released the following patch which rectifies this issue:
Microsoft Windows NT 4.0:
Microsoft Patch Q264684
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube