CVE-1999-0723

Vulnerability

The vulnerability resides in the Windows NT Client Server Runtime Subsystem (CSRSS.EXE) process. When all available worker threads in CSRSS are occupied waiting for user input, the subsystem cannot service any other requests, effectively causing the system to hang. This condition is reachable on systems that allow interactive logons. Affected versions include Microsoft Windows NT 4.0 Workstation, Windows NT 4.0 Server, and Windows NT 4.0 Server, Enterprise Edition [1].

Exploitation

An attacker with the ability to perform interactive logons on the target system can trigger the vulnerability by causing all CSRSS worker threads to enter a state waiting for user input. The exact sequence involves opening multiple sessions or processes that each consume a worker thread and then leave it waiting indefinitely. Once all threads are exhausted, the system becomes unresponsive until user input is provided to one of the waiting threads [1].

Impact

Successful exploitation results in a denial of service condition. The affected machine hangs and cannot process new requests, including those from legitimate users. The system remains in this state until user input is supplied to one of the waiting threads, at which point normal operation resumes. No data corruption or privilege escalation occurs [1].

Mitigation

Microsoft released a patch to address this vulnerability. The fix ensures that the last remaining CSRSS worker thread services only requests that do not require user input, preventing complete exhaustion. The patch is available through Microsoft Security Bulletin MS99-021 and is described in Knowledge Base article 233323. Affected systems should apply the patch to eliminate the vulnerability [1].